Analysis

  • max time kernel
    150s
  • max time network
    149s
  • platform
    windows11-21h2_x64
  • resource
    win11-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win11-20241007-en, locale:en-us, os:windows11-21h2-x64, system
  • submitted
    12/11/2024, 16:51

General

  • Target

    OperaGXSetup.exe

  • Size

    3.2MB

  • MD5

    158d2ec449c15f23c26593620c74b739

  • SHA1

    063d7faecd3aff8c00e42e871f4b42b8667703be

  • SHA256

    e4119a413cec64090b250487d80612c9dab11e6d68d50ea8ee35a3d3899276ad

  • SHA512

    8c8b95e3e35056bda713ab66f3490afd2714f4265c2a6b54e62c0ff1ee296a8a2d6c931f1fa8ae9203f9de33ee6fa4de4e004a74f982395f1b56f71456ea2ef5

  • SSDEEP

    49152:oVAbwEw9pn+uTEa3XAqBfpd9pZBsQggCcL+oVmYRg1+Awf+UW7isjQmwLWrMItvf:kA4+uTEvqBhezcXdG7j7wLW4I9

Malware Config

Signatures

  • Executes dropped EXE 8 IoCs
  • Loads dropped DLL 5 IoCs
  • Reads user/profile data of web browsers 3 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Enumerates connected drives 3 TTPs 4 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Drops file in Windows directory 1 IoCs
  • Browser Information Discovery 1 TTPs

    Enumerates browser information.

  • System Location Discovery: System Language Discovery 1 TTPs 9 IoCs

    Attempts to gather information about the system language of the victim host in order to infer its geographical location.

  • Enumerates system info in registry 2 TTPs 3 IoCs
  • Modifies data under HKEY_USERS 2 IoCs
  • Modifies registry class 1 IoCs
  • Modifies system certificate store 2 TTPs 6 IoCs
  • Suspicious behavior: EnumeratesProcesses 2 IoCs
  • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 64 IoCs
  • Suspicious use of FindShellTrayWindow 53 IoCs
  • Suspicious use of SendNotifyMessage 24 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs
  • Suspicious use of WriteProcessMemory 64 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe
    "C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:764
    • C:\Users\Admin\AppData\Local\Temp\7zSCF236DE7\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zSCF236DE7\setup.exe --server-tracking-blob=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
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      • Enumerates connected drives
      • System Location Discovery: System Language Discovery
      • Modifies system certificate store
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:3304
      • C:\Users\Admin\AppData\Local\Temp\7zSCF236DE7\setup.exe
        C:\Users\Admin\AppData\Local\Temp\7zSCF236DE7\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x338,0x33c,0x340,0x310,0x344,0x74828c5c,0x74828c68,0x74828c74
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1180
      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • System Location Discovery: System Language Discovery
        PID:1544
      • C:\Users\Admin\AppData\Local\Temp\7zSCF236DE7\setup.exe
        "C:\Users\Admin\AppData\Local\Temp\7zSCF236DE7\setup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --vought_browser=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=3304 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20241112165140" --session-guid=11b5cca8-bb7e-4c3e-bca5-412c863fcecf --server-tracking-blob="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 " --desktopshortcut=1 --wait-for-package --initial-proc-handle=CC09000000000000
        3⤵
        • Executes dropped EXE
        • Loads dropped DLL
        • Enumerates connected drives
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2068
        • C:\Users\Admin\AppData\Local\Temp\7zSCF236DE7\setup.exe
          C:\Users\Admin\AppData\Local\Temp\7zSCF236DE7\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.159 --initial-client-data=0x328,0x32c,0x330,0x304,0x334,0x72238c5c,0x72238c68,0x72238c74
          4⤵
          • Executes dropped EXE
          • Loads dropped DLL
          • System Location Discovery: System Language Discovery
          PID:1908
      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411121651401\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411121651401\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        PID:3960
      • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411121651401\assistant\assistant_installer.exe
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411121651401\assistant\assistant_installer.exe" --version
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:832
        • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411121651401\assistant\assistant_installer.exe
          "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411121651401\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0xcd4f48,0xcd4f58,0xcd4f64
          4⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          PID:3976
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Drops file in Windows directory
    • Enumerates system info in registry
    • Modifies data under HKEY_USERS
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of WriteProcessMemory
    PID:4880
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5105cc40,0x7ffa5105cc4c,0x7ffa5105cc58
      2⤵
      PID:1808
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1800,i,18202182159278714031,1114017811501395642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=1792 /prefetch:2
      2⤵
      PID:2116
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=2084,i,18202182159278714031,1114017811501395642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2140 /prefetch:3
      2⤵
      PID:3736
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2176,i,18202182159278714031,1114017811501395642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=2192 /prefetch:8
      2⤵
      PID:2944
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3056,i,18202182159278714031,1114017811501395642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3092 /prefetch:1
      2⤵
      PID:3912
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3100,i,18202182159278714031,1114017811501395642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3244 /prefetch:1
      2⤵
      PID:3992
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --field-trial-handle=4488,i,18202182159278714031,1114017811501395642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=3520 /prefetch:1
      2⤵
      PID:2328
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4444,i,18202182159278714031,1114017811501395642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4224 /prefetch:8
      2⤵
      PID:1424
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4308,i,18202182159278714031,1114017811501395642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4340 /prefetch:8
      2⤵
      PID:716
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4312,i,18202182159278714031,1114017811501395642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4696 /prefetch:8
      2⤵
      PID:1608
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4900,i,18202182159278714031,1114017811501395642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4304 /prefetch:8
      2⤵
      PID:5100
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4696,i,18202182159278714031,1114017811501395642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4932 /prefetch:8
      2⤵
      PID:4508
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4708,i,18202182159278714031,1114017811501395642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5176 /prefetch:8
      2⤵
      PID:1920
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=4324,i,18202182159278714031,1114017811501395642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4976 /prefetch:8
      2⤵
      PID:3908
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5000,i,18202182159278714031,1114017811501395642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4996 /prefetch:8
      2⤵
      PID:3324
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --extension-process --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --field-trial-handle=5028,i,18202182159278714031,1114017811501395642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=4720 /prefetch:2
      2⤵
      PID:1924
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --field-trial-handle=4220,i,18202182159278714031,1114017811501395642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5356 /prefetch:1
      2⤵
      PID:1580
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --field-trial-handle=5452,i,18202182159278714031,1114017811501395642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5504 /prefetch:1
      2⤵
      PID:952
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --no-appcompat-clear --field-trial-handle=5400,i,18202182159278714031,1114017811501395642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5500 /prefetch:8
      2⤵
      PID:3232
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=video_capture.mojom.VideoCaptureService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=5212,i,18202182159278714031,1114017811501395642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5252 /prefetch:8
      2⤵
      • Modifies registry class
      PID:2556
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=5856,i,18202182159278714031,1114017811501395642,262144 --variations-seed-version=20241006-180150.222000 --mojo-platform-channel-handle=5860 /prefetch:8
      2⤵
      PID:2404
  • C:\Program Files\Google\Chrome\Application\chrome.exe
    "C:\Program Files\Google\Chrome\Application\chrome.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:4628
    • C:\Program Files\Google\Chrome\Application\chrome.exe
      "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffa5105cc40,0x7ffa5105cc4c,0x7ffa5105cc58
      2⤵
      PID:3936
  • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
    "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
    1⤵
    PID:2136
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
    1⤵
    PID:2536
  • C:\Windows\system32\AUDIODG.EXE
    C:\Windows\system32\AUDIODG.EXE 0x00000000000004D8 0x00000000000004E8
    1⤵
    • Suspicious use of AdjustPrivilegeToken
    PID:3064
  • C:\Windows\system32\svchost.exe
    C:\Windows\system32\svchost.exe -k LocalService -p -s NPSMSvc
    1⤵
    PID:3884
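The signatures in this report are attached to the process tree one command line at a time, and the interesting ones (a dropped binary executed from the user's Temp directory, installer switches that change default-browser, taskbar and run-at-startup state, crash handlers that report to an external collector) are visible in the command lines themselves. As an added example, not part of the sandbox report or of Opera's or Chrome's own tooling, the Python script below parses a constructed subset of the process tree above (the server-tracking blob is replaced by a placeholder) and re-derives those points. The record field names (pid, ppid, image, cmdline) and the flag labels are this example's own choices.

```python
"""Triage helper for a sandbox process tree (added example, not part of the report)."""
import re
from urllib.parse import urlparse

# Constructed sample: a subset of the process tree on this page. The
# server-tracking blob is replaced by a placeholder; field names are ours.
SAMPLE_PROCESSES = [
    {"pid": 764, "ppid": None,
     "image": r"C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe",
     "cmdline": r'"C:\Users\Admin\AppData\Local\Temp\OperaGXSetup.exe"'},
    {"pid": 3304, "ppid": 764,
     "image": r"C:\Users\Admin\AppData\Local\Temp\7zSCF236DE7\setup.exe",
     "cmdline": r"C:\Users\Admin\AppData\Local\Temp\7zSCF236DE7\setup.exe --server-tracking-blob=REDACTED"},
    {"pid": 1180, "ppid": 3304,
     "image": r"C:\Users\Admin\AppData\Local\Temp\7zSCF236DE7\setup.exe",
     "cmdline": (r"C:\Users\Admin\AppData\Local\Temp\7zSCF236DE7\setup.exe --type=crashpad-handler /prefetch:4 "
                 r'"--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" '
                 r"--url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable")},
    {"pid": 2068, "ppid": 3304,
     "image": r"C:\Users\Admin\AppData\Local\Temp\7zSCF236DE7\setup.exe",
     "cmdline": (r'"C:\Users\Admin\AppData\Local\Temp\7zSCF236DE7\setup.exe" --backend --install '
                 r'--installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --allusers=0 '
                 r"--setdefaultbrowser=1 --pintotaskbar=1 --run-at-startup=1 --initial-pid=3304 --wait-for-package")},
    {"pid": 4880, "ppid": None,
     "image": r"C:\Program Files\Google\Chrome\Application\chrome.exe",
     "cmdline": r'"C:\Program Files\Google\Chrome\Application\chrome.exe"'},
]

# A token is a run of non-space characters in which "quoted spans" (including
# the --switch="value with spaces" form) are kept together.
_TOKEN = re.compile(r'(?:[^\s"]+|"[^"]*")+')
_TEMP_DIR = re.compile(r"\\AppData\\Local\\Temp\\", re.IGNORECASE)

# Installer switches that change persistent system state when set to 1.
STATE_CHANGING_SWITCHES = {
    "run-at-startup": "persistence:run-at-startup",
    "setdefaultbrowser": "system-change:default-browser",
    "pintotaskbar": "system-change:pin-to-taskbar",
}


def tokenize_cmdline(cmdline):
    """Split a Windows command line into tokens without breaking quoted values."""
    return _TOKEN.findall(cmdline)


def parse_switches(tokens):
    """Map --key=value, --flag and /key:value switches to their values.

    Flags without a value map to None. The program path (first token) and
    tokens that begin with a quote, such as "--database=...", are not switches.
    """
    switches = {}
    for tok in tokens[1:]:
        if tok.startswith("--"):
            key, sep, value = tok[2:].partition("=")
            switches[key] = value.strip('"') if sep else None
        elif tok.startswith("/"):
            key, sep, value = tok[1:].partition(":")
            switches[key] = value if sep else None
    return switches


def ancestry(processes, pid):
    """Image basenames from the process's parent up to the root of its tree."""
    by_pid = {p["pid"]: p for p in processes}
    chain, cur = [], by_pid[pid]["ppid"]
    while cur in by_pid:
        chain.append(by_pid[cur]["image"].rsplit("\\", 1)[-1])
        cur = by_pid[cur]["ppid"]
    return chain


def triage(processes):
    """Return {pid: [labels]} for the behaviours worth a second look."""
    by_pid = {p["pid"]: p for p in processes}
    findings = {}
    for proc in processes:
        labels = []
        switches = parse_switches(tokenize_cmdline(proc["cmdline"]))
        if _TEMP_DIR.search(proc["image"]):
            labels.append("dropped-exe-from-temp")
        parent = by_pid.get(proc["ppid"])
        if parent is not None and _TEMP_DIR.search(parent["image"]):
            labels.append("child-of-temp-binary")
        for key, label in STATE_CHANGING_SWITCHES.items():
            if switches.get(key) == "1":
                labels.append(label)
        if switches.get("allusers") == "1":
            labels.append("system-change:machine-wide-install")
        if switches.get("type") == "crashpad-handler" and switches.get("url"):
            host = urlparse(switches["url"]).hostname or "?"
            labels.append("crashpad-handler:" + host)
        findings[proc["pid"]] = labels
    return findings


if __name__ == "__main__":
    for pid, labels in triage(SAMPLE_PROCESSES).items():
        chain = " < ".join(ancestry(SAMPLE_PROCESSES, pid)) or "(root)"
        print(f"{pid:>5}  parents: {chain}  {labels}")
```

Run as-is, the script reports PID 2068 (the `--backend --install` child of the dropped setup.exe) with the run-at-startup, default-browser and pin-to-taskbar labels, PID 1180 with its crashpad collector host, and chrome.exe (PID 4880) with nothing. The tokenizer matters for Windows command lines: a value like `"--database=C:\...\Crash Reports"` is quoted as a whole, so it neither splits on the space nor parses as a switch, which is why the parser records `--url` but not `--database` for the crashpad handler.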

Network

MITRE ATT&CK Enterprise v15

Downloads

  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
    Filesize
    40B
    MD5
    79e90b79849ab24f7077995c4e45f1d5
    SHA1
    3dae744f25bcaa1b690d61b789a8b1e58a790953
    SHA256
    3d2a7a2b6c89618f30d26fd5dac9ff7d52d6cf1d3651fd7aaa1d1229464b1507
    SHA512
    6169379e245102bc4b1ff74bc2c7cf356f24fdef55e5f3f8a7323da36f6ca92f1ec38bf230cacecc89c33e12e1b201de417a570a998f31cb281bed3ae8f8deb1
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\BrowsingTopicsState
    Filesize
    649B
    MD5
    1d63541606fa8d23bac556e00e62beb0
    SHA1
    09203b72598b3cc6fc1279dd2fa8ad3f12b1eafc
    SHA256
    e1fcd3741f292b712fc06e866fa9df2b8ffe8be735dddfefb67d889abdd65a0d
    SHA512
    0ef18bf26301672af2e89ded8734c31342b361d10aca085e5b6fef78c68bcbfaee077a04a850b3b2c26b595e55a09f53c0a4fe0d816ea715050f7444e21324ab
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000008
    Filesize
    215KB
    MD5
    e579aca9a74ae76669750d8879e16bf3
    SHA1
    0b8f462b46ec2b2dbaa728bea79d611411bae752
    SHA256
    6e51c7866705bf0098febfaf05cf4652f96e69ac806c837bfb1199b6e21e6aaf
    SHA512
    df22f1dff74631bc14433499d1f61609de71e425410067fd08ec193d100b70d98672228906081c309a06bcba03c097ace885240a3ce71e0da4fdb8a022fc9640
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
    Filesize
    1KB
    MD5
    62f65cca2dd688c131adb70e3367a40b
    SHA1
    e6821fc8a77ce44f55ba84fac8a20416977ddefb
    SHA256
    9a48966cf56729bd44cd64bff5986f5c1c010c32ebb60e8ecd0c577aca0ef8d5
    SHA512
    bfefbb2576f8ffb231b358118fcfc9a68f38ede4a35c0f4d08144cb4f4f3e8fe8abdac86a74098626f8ec258a65cee7730f24fe54522926791465a63719ac85e
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\_locales\en_CA\messages.json
    Filesize
    851B
    MD5
    07ffbe5f24ca348723ff8c6c488abfb8
    SHA1
    6dc2851e39b2ee38f88cf5c35a90171dbea5b690
    SHA256
    6895648577286002f1dc9c3366f558484eb7020d52bbf64a296406e61d09599c
    SHA512
    7ed2c8db851a84f614d5daf1d5fe633bd70301fd7ff8a6723430f05f642ceb3b1ad0a40de65b224661c782ffcec69d996ebe3e5bb6b2f478181e9a07d8cd41f6
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.83.1_0\dasherSettingSchema.json
    Filesize
    854B
    MD5
    4ec1df2da46182103d2ffc3b92d20ca5
    SHA1
    fb9d1ba3710cf31a87165317c6edc110e98994ce
    SHA256
    6c69ce0fe6fab14f1990a320d704fee362c175c00eb6c9224aa6f41108918ca6
    SHA512
    939d81e6a82b10ff73a35c931052d8d53d42d915e526665079eeb4820df4d70f1c6aebab70b59519a0014a48514833fefd687d5a3ed1b06482223a168292105d
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\https_www.youtube.com_0.indexeddb.leveldb\CURRENT
    Filesize
    16B
    MD5
    46295cac801e5d4857d09837238a6394
    SHA1
    44e0fa1b517dbf802b18faf0785eeea6ac51594b
    SHA256
    0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443
    SHA512
    8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
    Filesize
    7KB
    MD5
    75ef8f361f21fa4f4231609fbe2ebda4
    SHA1
    40af9daf2bcbc0c02d7d177c250db08e137cf024
    SHA256
    4c4eb44e82b677790736033e7a29e5be48bf580bd6e01be854d006f19cdb7fae
    SHA512
    408fbb9d92fc9f8337e307ed86067dd74c0ea50b30dc2b4c926198598affc73d3d8822fb6d9555c54721f5b0ffc2707f02c337e9ac8a028ceab68c09e5cc2b92
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
    Filesize
    2B
    MD5
    d751713988987e9331980363e24189ce
    SHA1
    97d170e1550eee4afc0af065b78cda302a97674c
    SHA256
    4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
    SHA512
    b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize
    859B
    MD5
    9f8e60e535621636a48c5d6c38edbaab
    SHA1
    237440c2ffa28622d9e85d9d934176a34baf2059
    SHA256
    196263fe44f0e5be4a32d335cd695de1a7f6432a2541283b190737d0b4741afb
    SHA512
    bf124e730511d5407d8b7cd68b57c1a03b237af49b01b0ad318297bef218e3486b72a3be466434e255200c0ba93aec20c51540c13a7dfd9efe2cf9ee9c46c423
  • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
    Filesize
    356B
    MD5
    1e0521e108eba85d0ab0ea9d7abdc06e

                                                          SHA1

                                                          6c139939cbcf3b418ad395a60dde97ab7af14231

                                                          SHA256

                                                          04a622a79c097fe36b7e25d88ccbffd86ff3cb1128b75195e7241adf8baae014

                                                          SHA512

                                                          e2f1c5121c7a76c214723f5655612ca18f59c0d22c28f856553230d2349990ca2a45c2894b9524787c1442424aa1e71fe6cf508e726e5f82952be966c3796cd2

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity

                                                          Filesize

                                                          859B

                                                          MD5

                                                          c858a6db23b1e3c0435d346a69d51f54

                                                          SHA1

                                                          f3c6d555e0fba07aca06dccfe09694726cf0fee3

                                                          SHA256

                                                          4986c1c3ecd8da354ac49172bbb6d74871c285bef045a5725551e0e70b7226e4

                                                          SHA512

                                                          263439bfd3237bb77bc1e8d5e2c5c6e07c892eab1156000a96eb084bbf648996270b653cdfe8ebd563d045c1d2d7e31138767b0f314631021fa7e54b77551b66

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          10KB

                                                          MD5

                                                          8b3a8277cc2bcb9739320ddb7f46e3a7

                                                          SHA1

                                                          7cafcef44b859cbca897ec3dee2de304d4231b7c

                                                          SHA256

                                                          8121fbc08a58c7e049368ff7f3b6861d4127e40a70757ac8a84a150f29580f10

                                                          SHA512

                                                          110f2eefa9ea1b956d28fba669616157ec984bc27eb6f4a47062e07c429c0ad096157645ba32595b8713d9006520eee84b6794aa13bbfd74fab8ca318e664e23

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          10KB

                                                          MD5

                                                          dbb4f8bbf03df87daf6521dabcb085ef

                                                          SHA1

                                                          82cb79b286f3dce9cdf98c1be2ba610ddea81b3c

                                                          SHA256

                                                          58528821f09f260f4ea43b527955237258e48a582d56b4d968a153d525ad7c73

                                                          SHA512

                                                          3ea30aa3c688a0522991c0b2c892dfd6e2d5a0c2b887d1c392b322e459aab079c82ff781b46389c7dafd65902d62cf9e332ec622704db7a5b955aa07a26329c6

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          11KB

                                                          MD5

                                                          e4a9e14803c9c48aa7ee90cce603c992

                                                          SHA1

                                                          e89dc70a016bcedc199362aeffbc186c4c32db80

                                                          SHA256

                                                          b9738c802633c8d1d435567fe741100a713a21c8de7b40c11cbc3c1ce2b4a261

                                                          SHA512

                                                          00d1d34c2ae84b506d2b0ed8a273f3db6592ee4a0382944a3fc1b78ea53c69d96496cabdb8965490d69b5d2543cc0a62dac7bbafd6b8859eaf2e370874fd0403

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          9KB

                                                          MD5

                                                          222cfa2efad8b7a5de4032be69bce5b4

                                                          SHA1

                                                          ff2c8dc3c24e4f4ba90ae35cc4f8f2a4a8d5e726

                                                          SHA256

                                                          cf5435588aa3dc1c84fc39f7dae02e9f4fae5e7c65d5cb1a5db281446e09e5dc

                                                          SHA512

                                                          31e3095b83630d49d6bdffee22ad04cf23593ec7ddeebf9169df352dbeb904d7ca917a3bd98da61eaa860079f91e99be830f447635f2d17a1f435174bc040bcd

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          11KB

                                                          MD5

                                                          734ae290fd62d6a2b4d9804eab8ea4c8

                                                          SHA1

                                                          cd25e0d7f517d668f64f5e8a0c564976bae208d0

                                                          SHA256

                                                          75a2990c009f120299785aafadcfb7254423d1e3cd6eab723ad2cf8f502403c8

                                                          SHA512

                                                          cda6721a903768b2089d184d6377655ff7b98e9eeb5738728ddfb57fe74cc5118e731ee090c9a032953f5f54f44c2e4712379a589b5cb6da318707a4e32ab75b

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

                                                          Filesize

                                                          9KB

                                                          MD5

                                                          3706886f4650dd361abe7b3d40c335ac

                                                          SHA1

                                                          4a30ddc3a2cd6ec368fd0c12c98ec6ab22be878e

                                                          SHA256

                                                          f0c6449fb3c0f5fa84793d6aa71c0d4ff16132e0942899a978ba740ae6d9bedb

                                                          SHA512

                                                          5b38be61feeac39ba37145960a7ddabaa094e4fcb0aa66b1fba76d57b461563b727b3c2904909f4c52b60b8d70d8074d6fd077e241e26b82f219d7625bbd0e03

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences

                                                          Filesize

                                                          15KB

                                                          MD5

                                                          063b576d1590e628dbad86f8adec2165

                                                          SHA1

                                                          189fbea2f870bc2414bd33fbdc5688a2e0aa9203

                                                          SHA256

                                                          084c173b486b8f0a153559fe2f6212bc5aeb121be7391bf84d41e520633bc840

                                                          SHA512

                                                          52a2dc0f6c5864a28c157e6e0e85c067b472827cd6f4f173a7aeb861451286b47daaa2ce7da8dd1cfb3b7e364f64c04524acd97d6866f28ffd22c15fe069ac7d

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\238620e4-ae0b-44b4-8523-66b8cd0c3033\index-dir\the-real-index

                                                          Filesize

                                                          2KB

                                                          MD5

                                                          781ba051cb20150ce2c6241558cc5183

                                                          SHA1

                                                          75345d0b679ba09e9d310bd4fb1e42868fc151c8

                                                          SHA256

                                                          daec1c2d2bdcf52ff1116937ce345a932f5fee355907c9f744ba5429a3a81da3

                                                          SHA512

                                                          f23591b49af4e915b8c4b0d573599f9ab632b95e7752895bbc262644f6e6d21164cca3535544d2702b3583e9a79b155a587bb60cc0a1851da36a3ccb3d1c3a75

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\238620e4-ae0b-44b4-8523-66b8cd0c3033\index-dir\the-real-index~RFe5a3162.TMP

                                                          Filesize

                                                          48B

                                                          MD5

                                                          4d39414607d0e795f303299d4a6d007c

                                                          SHA1

                                                          70eb26b1fea019237bf02a10eb35dd9c1e1f1533

                                                          SHA256

                                                          ddef3a127641c0ef3e91e9acf2ce9debf468c89a9c8e66e9b4674f7fdc5d646d

                                                          SHA512

                                                          a2586a685088d5bb3942b8ba06e7a0a4c3c7f42cc42bdf1b53b0d8268a106893d01baea07fc423f783a98abfe924ca68b50975329a1ccff497c8c69f9725de2b

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                          Filesize

                                                          176B

                                                          MD5

                                                          6e4c2723a13580e844e2cb085b86e717

                                                          SHA1

                                                          5e207e87047771c178445f81c954987b20ae6f68

                                                          SHA256

                                                          9bf0032f1de91048016657958ebcb1bbe1a6d97482312f8b9719c27d33493155

                                                          SHA512

                                                          e1d1d2dc3c3ba10c91297c7bb448d98039919d44e7225d34131b523613699a58bfcaad73a1392d415da70618b398d1eccc535ef939ad73c73d366c0f9e3cd24e

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                          Filesize

                                                          112B

                                                          MD5

                                                          a9f8380be6d4e0d9e2080a83dccf8426

                                                          SHA1

                                                          742df85f8bc92dec293eec9bc31edbd6c8b47e72

                                                          SHA256

                                                          9720488f5a151dbd29396cc68e7dcd5ccae7ab1bce5e96d51ffa19c1acab2a01

                                                          SHA512

                                                          e33db7caedefc784a14f80d7434c7e3938243387dcebd5e0eadc7ee7efd7d93fa77cfa2cf0652b150a41c5ebfca90d538508cc62d7ef5cd7a39b9c672e306a85

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt

                                                          Filesize

                                                          114B

                                                          MD5

                                                          52000480551c245c37661d89a7da8cc9

                                                          SHA1

                                                          44509f62c1eb13fe05f331a5380039318b0b2200

                                                          SHA256

                                                          55a0162e383a7f9de8d39ac0c24240cc8e37b4ea57630ee1b774192625c08df3

                                                          SHA512

                                                          24a7616e6887e7f77b82ea44b6341c8b8283c7a7d62ed033f9b405467f1e0f30509089f0c38dc71352365e6c62cb456b68cff68076fbf6d96ef80d976d1d1a1f

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe59a677.TMP

                                                          Filesize

                                                          119B

                                                          MD5

                                                          2283afdcdae5dc663dfd4b66309786b7

                                                          SHA1

                                                          0058925f459d181434437c55f6759928f37ed915

                                                          SHA256

                                                          6007c3092f10ef9d3dfb7369a52706bc497a9103cfd197c625716fd45307f32d

                                                          SHA512

                                                          86bf6a582b507701dc007d06397cd9520837103b6dfd1ecf6bffdae6026fe955a9677701806ea3200c0265247286db3f9e7b2378c83858273196e3e45711a4e2

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                          Filesize

                                                          72B

                                                          MD5

                                                          926441f564e012e270225584be52b5fb

                                                          SHA1

                                                          9df6072552e54eb281508aea4dcf88793457aa4e

                                                          SHA256

                                                          f9108ccfea1e7cd95cf8d6122711e496837459d249c0b9fe1e166fde43614e27

                                                          SHA512

                                                          49b3949b24bfe2d4ea38ac603bc908d0e9fcc6c335fe5e7bf4d681990802b22602afc4d9b5624bb87b01e529a5925fb9c5a08a02b109c4b5e3c5dab0cdeceffe

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

                                                          Filesize

                                                          96B

                                                          MD5

                                                          9fe701e47001308639654ca5cde78c77

                                                          SHA1

                                                          71074b3bc9d4d489026f34ad592c571d1bf9bd47

                                                          SHA256

                                                          ff210041b18182557e5cc1ba906a894b26cb5b0a803ac33a0fec9ab2b7c36b80

                                                          SHA512

                                                          c528c3721ff18af9d0c1c98de6b2fa8dec92343773c3396f7b53be6cf22f6fac81c7dea4c9a798ee85985e2b177d9b79f0d56896472c10fe80deaace243b79f9

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4880_604994863\Shortcuts Menu Icons\Monochrome\0\512.png

                                                          Filesize

                                                          2KB

                                                          MD5

                                                          206fd9669027c437a36fbf7d73657db7

                                                          SHA1

                                                          8dee68de4deac72e86bbb28b8e5a915df3b5f3a5

                                                          SHA256

                                                          0d17a989f42bc129aca8e755871a7025acb6292ce06ca2437e95bedbc328fa18

                                                          SHA512

                                                          2c89878ec8466edf1f214d918aefc6a9b3de46d06ffacff4fdb85566560e94068601b1e4377d9d2eabefdc1c7f09eb46b00cf4545e377cc84a69edf8e57e48b2

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Web Applications\Temp\scoped_dir4880_604994863\Shortcuts Menu Icons\Monochrome\1\512.png

                                                          Filesize

                                                          10KB

                                                          MD5

                                                          529a0ad2f85dff6370e98e206ecb6ef9

                                                          SHA1

                                                          7a4ff97f02962afeca94f1815168f41ba54b0691

                                                          SHA256

                                                          31db550eb9c0d9afd316dc85cdfd832510e2c48e7d37d4a610c175667a4599c6

                                                          SHA512

                                                          d00e2d741a0a6321c92a4aab632f8f3bafd33c0e2875f37868e195ed5e7200a647b4c83358edcef5fc7acbc5c57f70410903f39eac76e23e88a342ac5c9c21cd

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                          Filesize

                                                          232KB

                                                          MD5

                                                          ae0145640f15bfc30d991b38715a589d

                                                          SHA1

                                                          ee9efbbc9ab28076ef4e397d163882e27cbcc314

                                                          SHA256

                                                          e28337230b1253afdce4a535850208918842a9f73c9a8eb556042735231414c8

                                                          SHA512

                                                          8c0e70a4c57a181c38ad3692830fc5c57a5985d31855801e87b65cfd7d147e35505c843d6c13c89cc9c37ed919ad78ce4948ac28b9f9bb45cb312e2325829fca

                                                        • C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

                                                          Filesize

                                                          232KB

                                                          MD5

                                                          dd271e62b0917e51cfa3eea08424b5a5

                                                          SHA1

                                                          693c8db9ba033364edc5a528a2940187963fd642

                                                          SHA256

                                                          69237207882afa1da44adc89501e00786d41d4d383962fbc46c71a00d3c59f55

                                                          SHA512

                                                          c6c37c000a59faf3e992a0ff080336a0b6f2af39a6cd498fad185e9eb8819fa9b78b64b2017dd0a06f058ae7f78f3a6e2dc1f11f13314bcde62be993461c7dcd

                                                        • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411121651401\additional_file0.tmp

                                                          Filesize

                                                          1.4MB

                                                          MD5

                                                          e9a2209b61f4be34f25069a6e54affea

                                                          SHA1

                                                          6368b0a81608c701b06b97aeff194ce88fd0e3c0

                                                          SHA256

                                                          e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

                                                          SHA512

                                                          59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

                                                        • C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411121651401\assistant\assistant_installer.exe

                                                          Filesize

                                                          1.8MB

                                                          MD5

                                                          4c8fbed0044da34ad25f781c3d117a66

                                                          SHA1

                                                          8dd93340e3d09de993c3bc12db82680a8e69d653

                                                          SHA256

                                                          afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

                                                          SHA512

                                                          a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

                                                        • C:\Users\Admin\AppData\Local\Temp\7zSCF236DE7\setup.exe

                                                          Filesize

                                                          6.5MB

                                                          MD5

                                                          dcc0d15e77a7872758e65deb0bfc6745

                                                          SHA1

                                                          1efb89e143bf5edd34d46ae8370ecc13d4c3339f

                                                          SHA256

                                                          87a168a04a254b1cf1adfe732e8b7b08d5c3e76ddca4e8b7fb4e58ebef85fe64

                                                          SHA512

                                                          9cb972bcd99fd03a924bbff79e8989a040d1202a77c9d8f62ea862cc6b1d258778410ad9a4de5f2aab43062f5e9fe17d7ab9baa000de98d22a47f1471d1de778

                                                        • C:\Users\Admin\AppData\Local\Temp\Opera_installer_2411121651389673304.dll

                                                          Filesize

                                                          6.0MB

                                                          MD5

                                                          1b07ce60bc1c77f0cadf13c2e62b1383

                                                          SHA1

                                                          ca70d0ef99ae5d1ebf85880ee669ad1145e4d79d

                                                          SHA256

                                                          e48eb19ca0210f9063f4e77c2f14293ee940eeaef2ecb9efceac7f6336cc203f

                                                          SHA512

                                                          94c358b6dfef0fcb0012a3a43235292b18ebf897043baef0c110570e91cc73721b12f1f771df6d000b4097f3c0cc22dcc65330a9153c7a9643787d24da6108f0

                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir4880_1534442604\14484b76-6ea9-42e9-9bef-20d0249cecb7.tmp

                                                          Filesize

                                                          132KB

                                                          MD5

                                                          da75bb05d10acc967eecaac040d3d733

                                                          SHA1

                                                          95c08e067df713af8992db113f7e9aec84f17181

                                                          SHA256

                                                          33ae9b8f06dc777bb1a65a6ba6c3f2a01b25cd1afc291426b46d1df27ea6e7e2

                                                          SHA512

                                                          56533de53872f023809a20d1ea8532cdc2260d40b05c5a7012c8e61576ff092f006a197f759c92c6b8c429eeec4bb542073b491ddcfd5b22cd4ecbe1a8a7c6ef

                                                        • C:\Users\Admin\AppData\Local\Temp\scoped_dir4880_1534442604\CRX_INSTALL\_locales\en_CA\messages.json

                                                          Filesize

                                                          711B

                                                          MD5

                                                          558659936250e03cc14b60ebf648aa09

                                                          SHA1

                                                          32f1ce0361bbfdff11e2ffd53d3ae88a8b81a825

                                                          SHA256

                                                          2445cad863be47bb1c15b57a4960b7b0d01864e63cdfde6395f3b2689dc1444b

                                                          SHA512

                                                          1632f5a3cd71887774bf3cb8a4d8b787ea6278271657b0f1d113dbe1a7fd42c4daa717cc449f157ce8972037572b882dc946a7dc2c0e549d71982dcdee89f727

                                                        • C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

                                                          Filesize

                                                          40B

                                                          MD5

                                                          37b5ef50ad23b49623a993fa93b53d9a

                                                          SHA1

                                                          ab221638904467e8aaede3b4d64d6f23057bfa42

                                                          SHA256

                                                          1673c6c18f956cf4fa720cc39d9bcfe08bcd7d0f184526a2d8cabca33055c30b

                                                          SHA512

                                                          a0682c0d4737a9faf248a262b2ff6543135875eb3908bac65b1a59fa3635983cebfce8a1b864f816a2cf2ed5f1b6edd4856b53c5ca5d6b41103ab9d81703d56d

                                                        • C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

                                                          Filesize

                                                          40B

                                                          MD5

                                                          acfba93e6f682b392831e0f454ee6d35

                                                          SHA1

                                                          3ff448a32aeaf03e3dabd998ef2770cdd315fe38

                                                          SHA256

                                                          244f63b38673425f2eda1fdbc5d1c8360dbeaf797ae798feebf672a10c8c15a8

                                                          SHA512

                                                          ee4d83b10153ea02f90a2b725e2fc47964f0e54d22d32bbdc77119e2943322ceaac2f3901266a73f516739941d4ebee59131b853ac3ae347099d6b80ee7109d6
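The list above is raw sandbox output, not analysis. Almost all of it is routine Chromium profile housekeeping: the 2-byte `SCT Auditing Pending Reports` file, for instance, has the MD5, SHA1 and SHA256 of the literal string `[]`, and the `~RF…TMP` names are Chromium's rename-on-commit temp files. The entries a responder actually wants to pivot on are the few binaries written under `%TEMP%` (`setup.exe`, `Opera_installer_….dll`). The parser and triage helper below is an added example and is not part of the report or of any sandbox's own tooling; the bucket names and path heuristics in `classify` are assumptions of this example, the trivial-content table is computed with `hashlib` rather than hard-coded, and `SAMPLE_REPORT` is three entries copied verbatim from the list above as constructed input.

```python
"""Added example, not part of the sandbox report: parse its dropped-file list
into records and triage them, so the binaries written under %TEMP% are not
buried among routine browser-profile writes."""
import hashlib
import re

# Constructed sample: three entries copied verbatim from the list above.
SAMPLE_REPORT = r"""
• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports
  Filesize
  2B
  MD5
  d751713988987e9331980363e24189ce
  SHA1
  97d170e1550eee4afc0af065b78cda302a97674c
  SHA256
  4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
  SHA512
  b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
• C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\238620e4-ae0b-44b4-8523-66b8cd0c3033\index-dir\the-real-index~RFe5a3162.TMP
  Filesize
  48B
  MD5
  4d39414607d0e795f303299d4a6d007c
  SHA1
  70eb26b1fea019237bf02a10eb35dd9c1e1f1533
  SHA256
  ddef3a127641c0ef3e91e9acf2ce9debf468c89a9c8e66e9b4674f7fdc5d646d
  SHA512
  a2586a685088d5bb3942b8ba06e7a0a4c3c7f42cc42bdf1b53b0d8268a106893d01baea07fc423f783a98abfe924ca68b50975329a1ccff497c8c69f9725de2b
• C:\Users\Admin\AppData\Local\Temp\7zSCF236DE7\setup.exe
  Filesize
  6.5MB
  MD5
  dcc0d15e77a7872758e65deb0bfc6745
  SHA1
  1efb89e143bf5edd34d46ae8370ecc13d4c3339f
  SHA256
  87a168a04a254b1cf1adfe732e8b7b08d5c3e76ddca4e8b7fb4e58ebef85fe64
  SHA512
  9cb972bcd99fd03a924bbff79e8989a040d1202a77c9d8f62ea862cc6b1d258778410ad9a4de5f2aab43062f5e9fe17d7ab9baa000de98d22a47f1471d1de778
"""

LABELS = {"Filesize": "filesize", "MD5": "md5", "SHA1": "sha1",
          "SHA256": "sha256", "SHA512": "sha512"}
HEX_LEN = {"md5": 32, "sha1": 40, "sha256": 64, "sha512": 128}
# Contents whose hashes recur in every Chromium-based report and carry no
# signal; computed rather than hard-coded so the table is verifiable.
TRIVIAL = {hashlib.sha256(b).hexdigest(): d for b, d in
           ((b"", "empty file"), (b"[]", "empty JSON array"),
            (b"{}", "empty JSON object"))}

def parse_dropped_files(text):
    """Turn the bullet / label / value layout into a list of dicts."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("•"):        # a new file entry begins
            entries.append({"path": line[1:].strip()})
            pending = None
        elif line in LABELS:            # label line; its value is next
            pending = LABELS[line]
        elif entries and pending:
            entries[-1][pending] = line
            pending = None
    return entries

def malformed_hashes(entry):
    """Hash fields missing or not hex of the expected length (extraction damage)."""
    return [a for a, n in HEX_LEN.items()
            if not re.fullmatch(rf"[0-9a-fA-F]{{{n}}}", entry.get(a, ""))]

def classify(entry):
    """Bucket an entry by what it is, most specific test first (heuristics assumed here)."""
    p = entry["path"].lower()
    if entry.get("sha256", "").lower() in TRIVIAL:
        return "trivial content"
    if re.search(r"~rf[0-9a-f]+\.tmp$", p):
        return "atomic-write temp"      # Chromium rename-on-commit leftover
    if "\\appdata\\local\\temp\\" in p and p.endswith((".exe", ".dll")):
        return "dropped binary"         # the entries worth pivoting on
    if "\\google\\chrome\\user data\\" in p or "\\opera software\\" in p:
        return "browser profile write"
    return "other"

def triage(text):
    """Map category -> paths; entries with broken hashes also land in 'malformed'."""
    buckets = {}
    for e in parse_dropped_files(text):
        buckets.setdefault(classify(e), []).append(e["path"])
        if malformed_hashes(e):
            buckets.setdefault("malformed", []).append(e["path"])
    return buckets

if __name__ == "__main__":
    for category, paths in triage(SAMPLE_REPORT).items():
        print(f"{category}: {len(paths)}")
```

Feed `triage` the full dropped-files text of a report to get one bucket per category. Paths in `dropped binary` are the ones to look up in threat-intel sources; paths in `malformed` had a hash mangled in copy or extraction and should be re-copied from the sandbox before being used as an IOC; `trivial content` and `atomic-write temp` entries can be ignored.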