3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e

Analysis

max time kernel
149s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
31-10-2024 08:17

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe
Size

6.3MB
MD5

989c19cb5a38faccf48c43bafd8f58e2
SHA1

987591fd5d28590847fdb6243a12f3b821dd743b
SHA256

3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e
SHA512

d6a9b4e2cf3c017b838625b529d4c112499fbc161527193390523cac1b2ba0016b837354553872f9ee5e40e2f8f443b4a615f2eb825e9767ed669bb3234df993
SSDEEP

98304:r0xBAv6666666666666666666666666666666x666666666666666fwwwwwwwwwa:7EoMGNJCbfhjTiH32xHH94s2CRDw8

Score

8^/10

discovery spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 1 IoCs

pid	Process
2208	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe

Loads dropped DLL 5 IoCs

pid	Process
2556	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe
3128	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe
2208	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe
4232	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe
1100	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\F:	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe
File opened (read-only)	\??\D:	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe
File opened (read-only)	\??\F:	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe
File opened (read-only)	\??\D:	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 19000000010000001000000068cb42b035ea773e52ef50ecf50ec529030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae4747e000000010000000800000000c001b39667d6017f000000010000000c000000300a06082b060105050703091d0000000100000010000000918ad43a9475f78bb5243de886d8103c140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb0b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b0601050507030853000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f20000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 0f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f53000000010000007f000000307d3020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c009000000010000003e000000303c06082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030906082b0601050507030106082b060105050703080b0000000100000030000000440069006700690043006500720074002000420061006c00740069006d006f0072006500200052006f006f007400000062000000010000002000000016af57a9f676b0ab126095aa5ebadef22ab31119d644ac95cd4b93dbf3f26aeb140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c7f000000010000000c000000300a06082b060105050703097e000000010000000800000000c001b39667d601030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47420000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 680721.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
1552	msedge.exe
1552	msedge.exe
3120	msedge.exe
3120	msedge.exe
3256	identity_helper.exe
3256	identity_helper.exe
5508	msedge.exe
5508	msedge.exe
5508	msedge.exe
5508	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe

Suspicious use of FindShellTrayWindow 52 IoCs

pid	Process
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe
3120	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
2556	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe
2556	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe
2556	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2556 wrote to memory of 3128	2556	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe	84
PID 2556 wrote to memory of 3128	2556	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe	84
PID 2556 wrote to memory of 3128	2556	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe	84
PID 2556 wrote to memory of 2208	2556	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe	87
PID 2556 wrote to memory of 2208	2556	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe	87
PID 2556 wrote to memory of 2208	2556	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe	87
PID 2556 wrote to memory of 4232	2556	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe	93
PID 2556 wrote to memory of 4232	2556	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe	93
PID 2556 wrote to memory of 4232	2556	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe	93
PID 4232 wrote to memory of 1100	4232	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe	95
PID 4232 wrote to memory of 1100	4232	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe	95
PID 4232 wrote to memory of 1100	4232	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe	95
PID 2556 wrote to memory of 3120	2556	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe	96
PID 2556 wrote to memory of 3120	2556	3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe	96
PID 3120 wrote to memory of 4776	3120	msedge.exe	99
PID 3120 wrote to memory of 4776	3120	msedge.exe	99
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 2224	3120	msedge.exe	101
PID 3120 wrote to memory of 1552	3120	msedge.exe	102
PID 3120 wrote to memory of 1552	3120	msedge.exe	102
PID 3120 wrote to memory of 2952	3120	msedge.exe	103
PID 3120 wrote to memory of 2952	3120	msedge.exe	103
PID 3120 wrote to memory of 2952	3120	msedge.exe	103
PID 3120 wrote to memory of 2952	3120	msedge.exe	103
PID 3120 wrote to memory of 2952	3120	msedge.exe	103
PID 3120 wrote to memory of 2952	3120	msedge.exe	103

C:\Users\Admin\AppData\Local\Temp\3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe
"C:\Users\Admin\AppData\Local\Temp\3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2556
- C:\Users\Admin\AppData\Local\Temp\3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe
  C:\Users\Admin\AppData\Local\Temp\3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=113.0.5230.75 --initial-client-data=0x2ac,0x2b0,0x2b4,0x2a8,0x260,0x74ba1864,0x74ba1870,0x74ba187c
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:3128
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe" --version
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:2208
- C:\Users\Admin\AppData\Local\Temp\3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe
  "C:\Users\Admin\AppData\Local\Temp\3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=0 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=2556 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241031081838" --session-guid=406ce804-0aef-4c64-a51b-609c3651bdc5 --server-tracking-blob=MWY0ZjA2N2JjNjVjNTRlMGZlYmU0YjExMjhlYTA1NDIzMjczMWUzNzQ3MmQ2Mjc3NTkzZjM2OTQ5MTAxYmI4OTp7InByb2R1Y3QiOnsibmFtZSI6Ik9wZXJhIEdYIn0sInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fX0= --desktopshortcut=1 --wait-for-package --initial-proc-handle=9C09000000000000
  2⤵
  - Loads dropped DLL
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:4232
- - C:\Users\Admin\AppData\Local\Temp\3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe
    C:\Users\Admin\AppData\Local\Temp\3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=113.0.5230.75 --initial-client-data=0x298,0x29c,0x2a0,0x274,0x2a4,0x71e81864,0x71e81870,0x71e8187c
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:1100
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://download.opera.com/download/get/?partner=www&opsys=Windows&utm_source=netinstaller&arch=x64
  2⤵
  - Enumerates system info in registry
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:3120
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa2a1446f8,0x7ffa2a144708,0x7ffa2a144718
    3⤵
    PID:4776
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,9749771837959373108,393412884863536999,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2164 /prefetch:2
    3⤵
    PID:2224
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2152,9749771837959373108,393412884863536999,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2216 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:1552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2152,9749771837959373108,393412884863536999,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2708 /prefetch:8
    3⤵
    PID:2952
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9749771837959373108,393412884863536999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3352 /prefetch:1
    3⤵
    PID:3628
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9749771837959373108,393412884863536999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3400 /prefetch:1
    3⤵
    PID:1420
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9749771837959373108,393412884863536999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4208 /prefetch:1
    3⤵
    PID:1560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9749771837959373108,393412884863536999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5064 /prefetch:1
    3⤵
    PID:748
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,9749771837959373108,393412884863536999,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 /prefetch:8
    3⤵
    PID:4592
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2152,9749771837959373108,393412884863536999,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4868 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3256
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9749771837959373108,393412884863536999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5592 /prefetch:1
    3⤵
    PID:1540
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9749771837959373108,393412884863536999,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5624 /prefetch:1
    3⤵
    PID:724
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9749771837959373108,393412884863536999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5168 /prefetch:1
    3⤵
    PID:1636
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2152,9749771837959373108,393412884863536999,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5060 /prefetch:8
    3⤵
    PID:4060
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9749771837959373108,393412884863536999,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4956 /prefetch:1
    3⤵
    PID:5312
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2152,9749771837959373108,393412884863536999,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
    3⤵
    PID:5320
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2152,9749771837959373108,393412884863536999,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6316 /prefetch:8
    3⤵
    PID:5328
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2152,9749771837959373108,393412884863536999,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1808 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5508

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2764

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:864

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
213d08513e32bb6741bec453fd3759aa

SHA1
f7df0a9a4bcd1c840e5459102672921d7912fabb

SHA256
8e95d9099eebd14015e359e21a16a7b28fe2e3a206189c7e0dc7b5bd71d0744f

SHA512
c75a4f233621bab3306e3f6509ada296f2891c8999e8fe8fa0c48a3ebf45626b5b52b1e52af1b914b4c6e0ff881ee64405779c717adeae6973f7106446d678d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
c8c8db92f7cd7aa2e5deefa27127451e

SHA1
8c7a6b67771e0937cd1be62deb48cc5582182b08

SHA256
f2ad2a102162e9ef032e3afa9b759ecbf7354e270768dcfcc62a84fbb8b54aaa

SHA512
fd9f03dc7fa9ae5c52c375a17c5afd2efc5b7b1586c6122ce1a7e715fd2c4ebdaaac6803b2ade829a71c3b6c64448696ac764734efced87bcaa8884f9e0fc7b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
bcfd43b53a47b2dcf107efdcbd0b59a4

SHA1
75b548df2aecb2dec9a995c9ff974be78959411a

SHA256
b0fa8ff8516c233400ff93675d5091c6747a19287d70c92c470fb30978868fa6

SHA512
f473cfef0228f41b471e67ad3dbfe5715ba9aab9eb541f27445da87b8944bcd6a3560ab3e5e57a440f8a626b9137fdcd85aa2a50366f67ec61f478b4c7cea634

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

Filesize
471B

MD5
037a1a1eed877c520ec2d8e877a0ef10

SHA1
2c261667a88ca76c700cf61c24167d6185f164b8

SHA256
04f352b4d334a645a09a76772ff766ee4ae359754a056d08f5772895a703cc7e

SHA512
021cf980ecf3cdc259caadb470a5557d8b0ac13d34185e8e4bb22693e26b7ce01ee5fcc833177d921635e8da3a6cb72e9133c5a6e786056db71969b515814bbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
400B

MD5
2c582b22c21aa9bcc357a1e1ac9ea635

SHA1
b668379e5be848c235143ca54f610b04dd14f550

SHA256
3c98a0a09f808e543a75f06bd86ff658450ff0be48fc9dd7c2b5624287626b28

SHA512
2ab9bccf2119f17c96249fb4298850bbf7e1f526ebab28e4230f53a743811ee2b5bd5dd8057d4b5dd91fc1e17940fc25990ed12b3aeff0f01e8bdab6754ed4e7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
a615c020535246a5938b24d57c0f622b

SHA1
957bab076f2ae4b43102b7fa743e0314e20194d0

SHA256
9cfc8448e3feb57ad90cdcef92b5e6f0b3629e4490cebe729149190d13286706

SHA512
cc6a9ba2ec0c2a700c7575357d2c594b4ac1cebc953baea9f36f638a5e6e76fb44db44445c23bcf84e993f449799ad5522c4380b66b6e2f320119fd0b5111998

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
ce5db7d0b0eeabd9eecfa22d82a79ed0

SHA1
ddf8a6fc2d3041324bacdea67d7a41a7ab4e1334

SHA256
cf494c4b5b7550588b6711853e5ee03203ec9048e234f2fa8b3ee7841a06ac88

SHA512
0c403e0e960c544fe3642ae3c7515075d6ea619060b627bbaa76547b08a9c5120ace3b82293b6cfa8f37015c27c6e6832a80220e661549d704181649537d5385

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

Filesize
412B

MD5
ab338932fd231cb341d23679056fbe41

SHA1
48f6ddda75e3d8dfe880c102195e97e67fe94f88

SHA256
7a0351c844c264b5558fbccdb0c56396ef17960054b2a03d73bea45b5e6ca7f5

SHA512
9afb75f608442c0bd8764c72801d8b3d8e7078ce8f9e38739ed69a89902fa119fd70fc593893b4cf7c42b3356cc01a24e0bea16e413f33242ac2b2726528451a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
f426165d1e5f7df1b7a3758c306cd4ae

SHA1
59ef728fbbb5c4197600f61daec48556fec651c1

SHA256
b68dfc21866d0abe5c75d70acc54670421fa9b26baf98af852768676a901b841

SHA512
8d437fcb85acb0705bf080141e7a021740901248985a76299ea8c43e46ad78fb88c738322cf302f6a550caa5e79d85b36827e9b329b1094521b17cf638c015b6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
6960857d16aadfa79d36df8ebbf0e423

SHA1
e1db43bd478274366621a8c6497e270d46c6ed4f

SHA256
f40b812ce44e391423eb66602ac0af138a1e948aa8c4116045fef671ef21cd32

SHA512
6deb2a63055a643759dd0ae125fb2f68ec04a443dbf8b066a812b42352bbcfa4517382ed0910c190c986a864559c3453c772e153ee2e9432fb2de2e1e49ca7fe

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
2b3e290793bca08cda1111b2ad6f2a39

SHA1
3154502aeb1b70b1a9b6f831d7963064888d08b0

SHA256
f7a49f8eeb31051dbd38e90344483c196249f6601cf8cd55d262fac1f825d40d

SHA512
d26cf38d832551a078dcbb5d892a2e5c68fbda3c9a8b21c7d71f4e39cf6005f52f48890c2da88f7c89f6aad220c8eda3041e76fb87f1f00b9988e421a23edda6

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
57d89e9f4f012c2198f621f886e178a4

SHA1
55423998a60a9d0299ebbfc266a7d25e80cf915d

SHA256
0d3d3f544989d1db5ded09a052d63e8e7d591da2ae538a4a2bc98274352d93e6

SHA512
51c3f63c6b8f117c3556d603f0f0fc4dea474f698e26e13b769fda17232737862d7ed5d25a66194cd2576be0d92d1d666b2e7ecb54da415b56d9920891e030c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
98dac1afa4447c1811162ee42f22d719

SHA1
a8247a0b13c7dfd1d92aa7c6f3fbdd9f9a09fe5b

SHA256
80c8f7a0fa7f88bdc225754ea04203aa76e3da2cbc96be7ae319c2bab2b5e853

SHA512
f1313fef6394cfbfd468065542544868d8ece2f80a4f650e601b50be13f52259f89333edb5a8240060d79d6f81e49cf13eaee71429d8846acc0e7251fed9650d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
1fb0084619a4018bff12bd3e7ec742b2

SHA1
babf4934f5fac97fbcbb2c946be1007eeefad8fe

SHA256
752066f8be80622fa02dcd4c223d3cc26f8e751b069b17f566ebd3723f6dc14b

SHA512
0aa474c564ea309c714852b75754506ae2da3004e7fab718551241f438c8ff812b5600104e57e5fa47a8bd337ec6b861ac7f722900ec8a831821b9e28f88c563

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
2d061a4b42b2d522dda2fa701fa241f4

SHA1
e27e0a4147481aea4dc9bc10c5f5de2378028307

SHA256
d1b01905214e8ec4b7a41db23aa354490ff3b5ea850f37506e9a25d002410aff

SHA512
0b4d5d5ca1dd635f9e84c4f8c192862992b5d2fa24d3871b302a65c554757c8e395329454e64b2dd82ce78aebcec4f35fc187921539c5ba7bc33a6602b0fb26c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe580ab9.TMP

Filesize
48B

MD5
a66477915201b7458afb4be085fe97b4

SHA1
9b4736a8635ebc1b21008947ce3915bc10636c33

SHA256
421a887536c7ff1a8dc03a1eca70f3ade14d6e36fa97a22f1fc2e0f76fa6971f

SHA512
deee8eb1aaa24247f4e5a2058fa5f58c553776e9d6bfd0f1977b11dac1ad2bd39365f0ba525d39fba54d9cb885386d09b282adec544a32999f6867f3a1fb1fb4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
db18d7c7037d83e3490200db5016eade

SHA1
aa1fecd67bd20670fec170c28456df8062ed464c

SHA256
da54933e57039b5d0bab5f91acffc52a5d44661b2fb5e1fe30d78c0940df3224

SHA512
dc5f8f0f210d465a350440c952101b189eed9d645af4c3f865864c536bb9827e7e665d02f52c67a941a046680dfe0354f38f9b600eec39dd99c2793e4f95913a

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e.exe

Filesize
6.3MB

MD5
989c19cb5a38faccf48c43bafd8f58e2

SHA1
987591fd5d28590847fdb6243a12f3b821dd743b

SHA256
3afc7719f69bd313eed9735984b4b846b4db64db3413e4aa64f80051a0a96e9e

SHA512
d6a9b4e2cf3c017b838625b529d4c112499fbc161527193390523cac1b2ba0016b837354553872f9ee5e40e2f8f443b4a615f2eb825e9767ed669bb3234df993

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2410310818376932556.dll

Filesize
5.8MB

MD5
d9566efedb5ea286e12826594a40e623

SHA1
eba69b688be145e73103ec9587db22e072ee9fb5

SHA256
d09af4042577f9c1c72863df791b0114d25086cbf9fa3012b765157ddcbbdf33

SHA512
daa4adc5f254088d3b8d22d27b5af3d3663630017903f64377579cba46c0b8e4ffa427b7e51ccdc214e70ed835e2ff9ec2baf4a28a194a1c22dd2ee2abf653bb

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
c5b887bd7b0d081e77dd9cea444dd5ca

SHA1
0de77a14e2de0df053139921fbc6c261d884c3c4

SHA256
9617a39d98b794160ca76327013507c2d92257dd6ca6792c98a834def48620ce

SHA512
9835347c04745b07610c7fafcac5162684bcbc13d805c3885f12f2075ebddd04902e4ea236d3133c97b61649c840e0a430f149c4935e6c6003dda6d98817825b

Download Submit