45361a18f1e488c2b34bf83c124289b42b49726d23555e2822ba0996df28cb71

Analysis

max time kernel
147s
max time network
156s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
31-10-2024 08:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

45361a18f1e488c2b34bf83c124289b42b49726d23555e2822ba0996df28cb71.exe
Size

3.1MB
MD5

b0641715831e49b3816772d4adcda114
SHA1

c06ce54a9d3c86108b317ea189235ffbe4ab6bb1
SHA256

45361a18f1e488c2b34bf83c124289b42b49726d23555e2822ba0996df28cb71
SHA512

d6bcc2134bb80dc8af17782639bc362d7f02ede390ce71f8cb8d2e1117325121c96294cf4236e2fc2bab69d730eeb6f9de92d89fbd3733dbab3ef0955cd249b4
SSDEEP

98304:GAyXe7ykegiTNpjQpSI14jSKQoDXAy0YbJ31nu2Cmh:CXe7tiTHjY4jS1sXA/mJ5u2nh

Score

8^/10

discovery spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 8 IoCs

pid	Process
4400	setup.exe
3272	setup.exe
2024	setup.exe
4256	setup.exe
4284	setup.exe
5524	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
5976	assistant_installer.exe
6028	assistant_installer.exe

Loads dropped DLL 5 IoCs

pid	Process
4400	setup.exe
3272	setup.exe
2024	setup.exe
4256	setup.exe
4284	setup.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	45361a18f1e488c2b34bf83c124289b42b49726d23555e2822ba0996df28cb71.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies system certificate store 2 TTPs 3 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	setup.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 830661.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

pid	Process
4548	msedge.exe
4548	msedge.exe
1848	msedge.exe
1848	msedge.exe
5848	identity_helper.exe
5848	identity_helper.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe
5356	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

pid	Process
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe

Suspicious use of FindShellTrayWindow 60 IoCs

pid	Process
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe
1848	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

pid	Process
4400	setup.exe
4400	setup.exe
4400	setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 4804 wrote to memory of 4400	4804	45361a18f1e488c2b34bf83c124289b42b49726d23555e2822ba0996df28cb71.exe	84
PID 4804 wrote to memory of 4400	4804	45361a18f1e488c2b34bf83c124289b42b49726d23555e2822ba0996df28cb71.exe	84
PID 4804 wrote to memory of 4400	4804	45361a18f1e488c2b34bf83c124289b42b49726d23555e2822ba0996df28cb71.exe	84
PID 4400 wrote to memory of 3272	4400	setup.exe	86
PID 4400 wrote to memory of 3272	4400	setup.exe	86
PID 4400 wrote to memory of 3272	4400	setup.exe	86
PID 4400 wrote to memory of 2024	4400	setup.exe	89
PID 4400 wrote to memory of 2024	4400	setup.exe	89
PID 4400 wrote to memory of 2024	4400	setup.exe	89
PID 4400 wrote to memory of 4256	4400	setup.exe	95
PID 4400 wrote to memory of 4256	4400	setup.exe	95
PID 4400 wrote to memory of 4256	4400	setup.exe	95
PID 4256 wrote to memory of 4284	4256	setup.exe	96
PID 4256 wrote to memory of 4284	4256	setup.exe	96
PID 4256 wrote to memory of 4284	4256	setup.exe	96
PID 4400 wrote to memory of 1848	4400	setup.exe	97
PID 4400 wrote to memory of 1848	4400	setup.exe	97
PID 1848 wrote to memory of 5024	1848	msedge.exe	99
PID 1848 wrote to memory of 5024	1848	msedge.exe	99
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 1048	1848	msedge.exe	101
PID 1848 wrote to memory of 4548	1848	msedge.exe	102
PID 1848 wrote to memory of 4548	1848	msedge.exe	102
PID 1848 wrote to memory of 2060	1848	msedge.exe	104
PID 1848 wrote to memory of 2060	1848	msedge.exe	104
PID 1848 wrote to memory of 2060	1848	msedge.exe	104

C:\Users\Admin\AppData\Local\Temp\45361a18f1e488c2b34bf83c124289b42b49726d23555e2822ba0996df28cb71.exe
"C:\Users\Admin\AppData\Local\Temp\45361a18f1e488c2b34bf83c124289b42b49726d23555e2822ba0996df28cb71.exe"
1⤵
- System Location Discovery: System Language Discovery
- Suspicious use of WriteProcessMemory
PID:4804
- C:\Users\Admin\AppData\Local\Temp\7zS4C272DA7\setup.exe
  C:\Users\Admin\AppData\Local\Temp\7zS4C272DA7\setup.exe
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Modifies system certificate store
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:4400
- - C:\Users\Admin\AppData\Local\Temp\7zS4C272DA7\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7zS4C272DA7\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.115 --initial-client-data=0x324,0x328,0x32c,0x300,0x330,0x740d1b54,0x740d1b60,0x740d1b6c
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:3272
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2024
- - C:\Users\Admin\AppData\Local\Temp\7zS4C272DA7\setup.exe
    "C:\Users\Admin\AppData\Local\Temp\7zS4C272DA7\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=0 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=4400 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241031082230" --session-guid=2944900c-c03c-4e55-bf1d-bf6cd4a0d525 --server-tracking-blob=MWY0ZjA2N2JjNjVjNTRlMGZlYmU0YjExMjhlYTA1NDIzMjczMWUzNzQ3MmQ2Mjc3NTkzZjM2OTQ5MTAxYmI4OTp7InByb2R1Y3QiOnsibmFtZSI6Ik9wZXJhIEdYIn0sInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fX0= --desktopshortcut=1 --wait-for-package --initial-proc-handle=A009000000000000
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:4256
  - - C:\Users\Admin\AppData\Local\Temp\7zS4C272DA7\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zS4C272DA7\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=112.0.5197.115 --initial-client-data=0x31c,0x320,0x330,0x2f8,0x334,0x71931b54,0x71931b60,0x71931b6c
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:4284
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://download.opera.com/download/get/?partner=www&opsys=Windows&utm_source=netinstaller&arch=x64
    3⤵
    - Enumerates system info in registry
    - NTFS ADS
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of WriteProcessMemory
    PID:1848
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ffd4e8546f8,0x7ffd4e854708,0x7ffd4e854718
      4⤵
      PID:5024
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,888508646624556200,3358576772887583465,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1972 /prefetch:2
      4⤵
      PID:1048
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1964,888508646624556200,3358576772887583465,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2332 /prefetch:3
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:4548
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1964,888508646624556200,3358576772887583465,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2980 /prefetch:8
      4⤵
      PID:2060
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,888508646624556200,3358576772887583465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3544 /prefetch:1
      4⤵
      PID:1336
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,888508646624556200,3358576772887583465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3552 /prefetch:1
      4⤵
      PID:1604
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,888508646624556200,3358576772887583465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4880 /prefetch:1
      4⤵
      PID:4636
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,888508646624556200,3358576772887583465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5156 /prefetch:1
      4⤵
      PID:4892
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1964,888508646624556200,3358576772887583465,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5376 /prefetch:8
      4⤵
      PID:3476
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,888508646624556200,3358576772887583465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5144 /prefetch:1
      4⤵
      PID:4668
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,888508646624556200,3358576772887583465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5944 /prefetch:1
      4⤵
      PID:5164
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,888508646624556200,3358576772887583465,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5960 /prefetch:1
      4⤵
      PID:5172
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1964,888508646624556200,3358576772887583465,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6460 /prefetch:8
      4⤵
      PID:5344
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,888508646624556200,3358576772887583465,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6480 /prefetch:1
      4⤵
      PID:5392
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1964,888508646624556200,3358576772887583465,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
      4⤵
      PID:5400
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,888508646624556200,3358576772887583465,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6208 /prefetch:8
      4⤵
      PID:5608
  - - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1964,888508646624556200,3358576772887583465,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6208 /prefetch:8
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5848
  - - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1964,888508646624556200,3358576772887583465,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1728 /prefetch:2
      4⤵
      Suspicious behavior: EnumeratesProcesses
      PID:5356
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410310822301\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410310822301\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5524
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410310822301\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410310822301\assistant\assistant_installer.exe" --version
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    PID:5976
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410310822301\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410310822301\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x274,0x278,0x27c,0x250,0x280,0x7b4f48,0x7b4f58,0x7b4f64
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:6028

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4068

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1132

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
213d08513e32bb6741bec453fd3759aa

SHA1
f7df0a9a4bcd1c840e5459102672921d7912fabb

SHA256
8e95d9099eebd14015e359e21a16a7b28fe2e3a206189c7e0dc7b5bd71d0744f

SHA512
c75a4f233621bab3306e3f6509ada296f2891c8999e8fe8fa0c48a3ebf45626b5b52b1e52af1b914b4c6e0ff881ee64405779c717adeae6973f7106446d678d7

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
471B

MD5
c8c8db92f7cd7aa2e5deefa27127451e

SHA1
8c7a6b67771e0937cd1be62deb48cc5582182b08

SHA256
f2ad2a102162e9ef032e3afa9b759ecbf7354e270768dcfcc62a84fbb8b54aaa

SHA512
fd9f03dc7fa9ae5c52c375a17c5afd2efc5b7b1586c6122ce1a7e715fd2c4ebdaaac6803b2ade829a71c3b6c64448696ac764734efced87bcaa8884f9e0fc7b3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
bcfd43b53a47b2dcf107efdcbd0b59a4

SHA1
75b548df2aecb2dec9a995c9ff974be78959411a

SHA256
b0fa8ff8516c233400ff93675d5091c6747a19287d70c92c470fb30978868fa6

SHA512
f473cfef0228f41b471e67ad3dbfe5715ba9aab9eb541f27445da87b8944bcd6a3560ab3e5e57a440f8a626b9137fdcd85aa2a50366f67ec61f478b4c7cea634

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

Filesize
471B

MD5
037a1a1eed877c520ec2d8e877a0ef10

SHA1
2c261667a88ca76c700cf61c24167d6185f164b8

SHA256
04f352b4d334a645a09a76772ff766ee4ae359754a056d08f5772895a703cc7e

SHA512
021cf980ecf3cdc259caadb470a5557d8b0ac13d34185e8e4bb22693e26b7ce01ee5fcc833177d921635e8da3a6cb72e9133c5a6e786056db71969b515814bbf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
400B

MD5
d31bd5427245a842a694a6a5520155e6

SHA1
aa289fea3dd783f28e921bc3dedc03ac0a0cd204

SHA256
46fc8d1ba343221868204a51688636db57eae7aed3bc3dcb398a08f248a2b6e6

SHA512
8812ff9459f12145db189a7bfe2d2836ab3d8a2217a74e857cea9ec7651667847730c107878b1991821009e26a5eff616897d0c2c374788764c492649b7bc19b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_A4CF52CCA82D7458083F7280801A3A04

Filesize
400B

MD5
94d9157f05aef14d61d42335f7b9b5c3

SHA1
33f3aa558610544daa9c5ec5b3db44f16660a985

SHA256
bc99bb6e506c85667c32555d3aa5e71742d22e1ee47bee83bbc29cf23de4fb62

SHA512
00db9be963ca35003d3347d963abb959185e45cc1d67bb711bfc511c67ef9724479456b23ce5576e4c63b0ea5a060676387a345b071078f8d2c9d4054dec3160

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
f1b99b5890c799feba5bc7d15aa8cb75

SHA1
aa3afe4e73ec3d8a740115921d3954cd03fdca10

SHA256
4a0870f0caade62d2b51de397f9b86f4c06c4acd55e04ee29bb956f80bd95f3c

SHA512
9486e41775051edd250386b4504cc77619ff6b0b4a74e83ef6df6aea88a1797fd0256ea134eace88d6ae03539cb0d93dc124549d3900a54b83a47117cb69f304

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

Filesize
412B

MD5
bcce7d6069d1e74e133975dc11496e8d

SHA1
70e008d1ba3e5076e61bea4c23fb18a334bb527b

SHA256
e809653b6bbd11adc61813f8e32a60e542a64bd69ad0b93b2c9b3dd1b036751e

SHA512
2e27f8f52c9253d53ab87fcd459e9d7cbfa66ea069e34dde7ef6d2cfda2a4d81152fa5d05a8dd8a39c94554ee2eea1f5cfdebe33da03e97c31d08d0b4711dc4b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
192B

MD5
f3d44a03de5612ad410512d2530660c7

SHA1
83920edc7491b17eb82ae05dc29481e6c337e326

SHA256
e040f6ae96f23f460d50b050153999c2a271f29d3ad6a1def077238922cbbbe6

SHA512
9b119facd4cbf54d2ad168e083f4d0a887418ff9f71ee19ba85aaa66df1caaaf0875428f07cd8c0babb80f1049eb07d3c369e6781d518e69d092a0e2c29b938e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
f00114dc51ebb45de4fdbc04893dbd25

SHA1
39934002054355bce084fca91583b6e12d18ac46

SHA256
3d7af91b3b55a1cecabca313bf04a8e96e9e2636c9cf8577d2bbdaae330baf8b

SHA512
649509bf684eaedd3e797d648813106c7931264f59bd3d9aaef24296fd914a10e2f0cf7f65609f676dd3b2a1f7d7af29028d8e45289dcbbfedfa92c590c88564

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
67ac61def449d2655e21f4936b7b2817

SHA1
461a364bf796734a30f5a7424a9db1d228dd3d06

SHA256
107ddad4f134e18b66e3da62b451ebb1dcbabdc79c2874da8b92697f08f35f87

SHA512
d7fd02c58ad73c4777a90522127aa2140bcb244c082e5b12a2e9a05db665bbaefbc3cefed4dc614f9299efd39019dc49d23ebda20cd7e29dea0bbbc066a0105e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
e93fc75acea8bdc60ae4209d09d69e77

SHA1
b3d8f8b39f94b09f1d6420776c552d0e86e7b0c8

SHA256
3330e8768d9f34117993f3e6040782bb46856e9c972a2789140d701c04d34a03

SHA512
de11709d473767c79c2bf6a33900ecfff70c0e4d545a282209b90db03ca1ef65f5cffca284be76b9283c7939719af78a4523672284834828f4f1560b118c329b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
732141ace7cce5500bb2ade0144df634

SHA1
6a9e38c16c8c1c0392f2f10c80708b3a17a79b3e

SHA256
d3e42c5f47d730a9bc72033fd35724c34845558c2b85ac0ceed465bc945ad1ec

SHA512
485c1b35db280ad3a64b5f3020b8ea31f32ec07d38773232c61ad58aa37a940cec2ed355749f047e01f317c2770cdfeff8c3a204a60d98b5ae9bbec718177a0a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
7945af33a07863c13a6fb2948cbf4155

SHA1
0d482f863edc3b580e121844495d1d2b2ecf2d18

SHA256
66506af25caa08ae8e37cfe4e86074a33a801ea0ce8fde0d1a3536f3f6c2c066

SHA512
2c4f1a4c410434ae209fe7f4124e36765b85995e306538a846cce432261ab39d19232aab932012965f0c22cdd4f23c69955f3dd306a6f34c637245500d516d63

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe589b80.TMP

Filesize
48B

MD5
d253674136cced3917ab3e01b8f24d02

SHA1
4ff088f6c64203715d4ff2ad1b31d53e8c4dccbd

SHA256
1e92f7c3ef1879f954716f8231cf205325aabe9a61d9cb955c405083c96be4fe

SHA512
6010d0642853c189ac553bcb35a4f08a8931bdd2f9915e817d498507810ad000113f4f5d9b03a946b82312c3d82c06aa0f444c5df311fcc57d7dd11a1409f851

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
7fb945502d7ce6d6ef609bbf88a68623

SHA1
7c9df77138f7c45e14f6b631743542246cf65bc6

SHA256
da37593f2cd0a0972032f3c3fe8cfc2cb7c93eac0dbd5bccb7eee8edc3eafe6a

SHA512
22b53a790f4392d42c4278e90978ce4ef86943de494c617a7346de335a2fd9882e05323e633349bd23299a21f82649936e4653e57b42488594e9ed022dea5109

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
96758be590cbe0d9799923a685610640

SHA1
eeb2112c4644fe0a006365a6b617e7185ca85046

SHA256
665ee5790336a14b8d4710a97c1ddeda3f9c9f5201452fec86379bc993b8f2db

SHA512
60bcb1d74b9822a01e945c863b66676df4ee89c28123527e49d020dda60c9f74a1f05311ed0a6a739c8943932b3536c5f1383440a0a9fcaa00ee9f94ada68e8b

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410310822301\additional_file0.tmp

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202410310822301\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS4C272DA7\setup.exe

Filesize
6.4MB

MD5
defd30ea336650cc29c0c79fad6fa6b5

SHA1
935d871ed86456c6dd3c83136dc2d1bda5988ff3

SHA256
015a13bd912728e463df6807019b1914dffc3e6735830472e3287150a02e13f4

SHA512
8c6ebbf398fb44ff2254db5a7a2ffbc8803120fa93fa6b72c356c6e8eca45935ab973fe3c90d52d5a7691365caf5b41fe2702b6c76a61a0726faccc392c40e54

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2410310822278254400.dll

Filesize
5.9MB

MD5
640ed3115c855d32ee1731c54702eab7

SHA1
1ac749b52794cbadfec8d9219530e9a79fc9427c

SHA256
29b4cabc7a0e9dffbc2395b976749be0aad88357dd3b1d7e0cfc9b0c645421a3

SHA512
bebe55fdbb363b78c4a6371304f65b89e03a03cee5a8ebceee1681261d8df64a0de36888ed763c3a607ae2732ab54e2e41edb624f37a7fdf8755c40e6bb96f53

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
a7d71f2962e4b39398fba5e0cc051a94

SHA1
56fb6c923f15ad6d472e7ff1a0d4e8b9e545b847

SHA256
309305a6e1f202f6b27d01059bd4a43924448137cc4716532ed5a52c06976b5c

SHA512
cb7f459944d5cc22665d04001fb7c0c667af517282c633c09ac503ffc8eb7ca2ad48f2df99e4e44ecdce49db4e260bd53cbb730786f1ef0083f683e2cfb93e29

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
f2708a08683803042d87f6e354084604

SHA1
34c29ddafc2e193a55a0b025cb16bd14dfd33275

SHA256
4b92ebb0105322e27878c514a9a26e2f0223bf249fbda34d0869e16a81d78a26

SHA512
ca5f9db18f0379b353cc2e05b90ef70a7f2c943cc15844872f7e8f68e93ed7c7ee73cfa7e5891f6dc7a25b3771104ac73a08a01475ae78bd8b5f824da57ba681

Download Submit