649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d

Analysis

max time kernel
138s
max time network
147s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 07:44

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
Size

5.1MB
MD5

79ea00621cbe28699d5a570f8dbd1a03
SHA1

df0f63566bdec5ce2c27b2c7b99d71d9202241b1
SHA256

649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d
SHA512

8562f68c7e7fce3f54b92276baeead6f93dfb8d3d84a0627481333c319c52b422dee32ef2bc71dd2ea6e0bbb9a73fd438eb9bb9a0584346945c5af4c04b093e2
SSDEEP

98304:80NFx6666666666666666666666666666666x666666666666666fwwwwwwwwwwM:NPMki6zio75L3pf3dedO4keCIwkoYbgs

Score

8^/10

discovery spyware stealer

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

Processes:

649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exeAssistant_114.0.5282.21_Setup.exe_sfx.exeassistant_installer.exeassistant_installer.exe

pid	process
4892	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
2852	Assistant_114.0.5282.21_Setup.exe_sfx.exe
1964	assistant_installer.exe
1504	assistant_installer.exe

Loads dropped DLL 9 IoCs

Processes:

649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exeassistant_installer.exeassistant_installer.exe

pid	process
3944	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
1852	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
4892	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
2376	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
2240	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
1964	assistant_installer.exe
1964	assistant_installer.exe
1504	assistant_installer.exe
1504	assistant_installer.exe

Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003

Enumerates connected drives 3 TTPs 4 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

Processes:

649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe

description	ioc	process
File opened (read-only)	\??\D:	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
File opened (read-only)	\??\F:	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
File opened (read-only)	\??\D:	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
File opened (read-only)	\??\F:	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 8 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exeAssistant_114.0.5282.21_Setup.exe_sfx.exeassistant_installer.exeassistant_installer.exe649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Assistant_114.0.5282.21_Setup.exe_sfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies system certificate store 2 TTPs 5 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe

NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Unconfirmed 637589.crdownload:SmartScreen msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 637589.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 10 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exe

pid	process
3792	msedge.exe
3792	msedge.exe
4032	msedge.exe
4032	msedge.exe
5296	identity_helper.exe
5296	identity_helper.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe
4200	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 9 IoCs

Processes:

msedge.exe

pid process

4032 msedge.exe
4032 msedge.exe
4032 msedge.exe
4032 msedge.exe
4032 msedge.exe
4032 msedge.exe
4032 msedge.exe
4032 msedge.exe
4032 msedge.exe

Suspicious use of FindShellTrayWindow 49 IoCs

Processes:

msedge.exe

pid	process
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe
4032	msedge.exe

Suspicious use of SetWindowsHookEx 3 IoCs

Processes:

649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe

pid	process
3944	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
3944	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
3944	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exemsedge.exe

description	pid	process	target process
PID 3944 wrote to memory of 1852	3944	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
PID 3944 wrote to memory of 1852	3944	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
PID 3944 wrote to memory of 1852	3944	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
PID 3944 wrote to memory of 4892	3944	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
PID 3944 wrote to memory of 4892	3944	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
PID 3944 wrote to memory of 4892	3944	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
PID 3944 wrote to memory of 2376	3944	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
PID 3944 wrote to memory of 2376	3944	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
PID 3944 wrote to memory of 2376	3944	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
PID 2376 wrote to memory of 2240	2376	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
PID 2376 wrote to memory of 2240	2376	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
PID 2376 wrote to memory of 2240	2376	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
PID 3944 wrote to memory of 4032	3944	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe	msedge.exe
PID 3944 wrote to memory of 4032	3944	649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe	msedge.exe
PID 4032 wrote to memory of 948	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 948	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3192	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3792	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 3792	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 4916	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 4916	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 4916	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 4916	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 4916	4032	msedge.exe	msedge.exe
PID 4032 wrote to memory of 4916	4032	msedge.exe	msedge.exe

C:\Users\Admin\AppData\Local\Temp\649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
"C:\Users\Admin\AppData\Local\Temp\649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe"
1⤵
- Loads dropped DLL
- Enumerates connected drives
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3944
- C:\Users\Admin\AppData\Local\Temp\649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
  C:\Users\Admin\AppData\Local\Temp\649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.80 --initial-client-data=0x2ac,0x2b0,0x2b4,0x2a8,0x2b8,0x756ee1d0,0x756ee1dc,0x756ee1e8
  2⤵
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1852
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe" --version
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:4892
- C:\Users\Admin\AppData\Local\Temp\649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
  "C:\Users\Admin\AppData\Local\Temp\649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --show-intro-overlay --server-tracking-data=server_tracking_data --initial-pid=3944 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20241121074436" --session-guid=f59f5d07-6d43-40f2-a672-54234f754309 --server-tracking-blob="NjFkODk4ZWJjMmNmNGQ1YjllMzkyYmJlMjJiYmQ5MDY3ZjdhY2U0Y2Y1NWMzYTQwM2Q2Zjk0N2YzZTU1NDA1Yzp7InByb2R1Y3QiOnsibmFtZSI6Ik9wZXJhIn0sInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fX0= " --desktopshortcut=1 --wait-for-package --initial-proc-handle=0809000000000000
  2⤵
  - Loads dropped DLL
  - Enumerates connected drives
  - System Location Discovery: System Language Discovery
  - Suspicious use of WriteProcessMemory
  PID:2376
- - C:\Users\Admin\AppData\Local\Temp\649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe
    C:\Users\Admin\AppData\Local\Temp\649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=109.0.5097.80 --initial-client-data=0x298,0x29c,0x2a0,0x274,0x2a4,0x72c0e1d0,0x72c0e1dc,0x72c0e1e8
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:2240
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://download.opera.com/download/get/?partner=www&opsys=Windows&utm_source=netinstaller&arch=x64
  2⤵
  - Enumerates system info in registry
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:4032
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x120,0x124,0x128,0xfc,0x12c,0x7ffc538746f8,0x7ffc53874708,0x7ffc53874718
    3⤵
    PID:948
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,7916863858286861785,7178271017556134444,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1984 /prefetch:2
    3⤵
    PID:3192
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1972,7916863858286861785,7178271017556134444,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2456 /prefetch:3
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:3792
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1972,7916863858286861785,7178271017556134444,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2628 /prefetch:8
    3⤵
    PID:4916
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,7916863858286861785,7178271017556134444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3436 /prefetch:1
    3⤵
    PID:2884
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,7916863858286861785,7178271017556134444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3444 /prefetch:1
    3⤵
    PID:2716
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,7916863858286861785,7178271017556134444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4924 /prefetch:1
    3⤵
    PID:2332
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,7916863858286861785,7178271017556134444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4036 /prefetch:1
    3⤵
    PID:2972
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,7916863858286861785,7178271017556134444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2520 /prefetch:1
    3⤵
    PID:3160
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,7916863858286861785,7178271017556134444,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5504 /prefetch:1
    3⤵
    PID:4576
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,7916863858286861785,7178271017556134444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5864 /prefetch:1
    3⤵
    PID:832
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=1972,7916863858286861785,7178271017556134444,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5920 /prefetch:8
    3⤵
    PID:4828
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1972,7916863858286861785,7178271017556134444,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6364 /prefetch:8
    3⤵
    PID:3752
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,7916863858286861785,7178271017556134444,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6880 /prefetch:8
    3⤵
    PID:5280
- - C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1972,7916863858286861785,7178271017556134444,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6880 /prefetch:8
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:5296
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,7916863858286861785,7178271017556134444,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4772 /prefetch:1
    3⤵
    PID:5552
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1972,7916863858286861785,7178271017556134444,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4756 /prefetch:1
    3⤵
    PID:5560
- - C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
    "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1972,7916863858286861785,7178271017556134444,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2192 /prefetch:2
    3⤵
    - Suspicious behavior: EnumeratesProcesses
    PID:4200
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411210744361\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411210744361\assistant\Assistant_114.0.5282.21_Setup.exe_sfx.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:2852
- C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411210744361\assistant\assistant_installer.exe
  "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411210744361\assistant\assistant_installer.exe" --version
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  PID:1964
- - C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411210744361\assistant\assistant_installer.exe
    "C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411210744361\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=114.0.5282.21 --initial-client-data=0x220,0x224,0x228,0x1fc,0x22c,0x2617a0,0x2617ac,0x2617b8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    PID:1504

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4828

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:4292

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
719182e07998ae9226d45680aa1fe178

SHA1
8f8b03c110c129cb3a35841ed959de7a7266ffec

SHA256
8f1d64c2c4dbb6ca892083e4b4a8bdb4585597e1269c218340c6b12517bb3dbe

SHA512
2df474f0ac4d1ef93b14deda32c5476da130bc41f37c0a5cd0c271c990914613c3c788116a4b87d44876695f71e5a131847fdf96d609364c06cb2f5ed6ce76a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
1KB

MD5
636d24ca5006f3f32739bc8191fb9c74

SHA1
119aa921ad39d573fc20426a9ab2b69119898e91

SHA256
4c54361c924f6367ec3f033de977085d0d10e75cc0f572fc58161203b6b4cab8

SHA512
f1bc01f87d92022a061f341eca07d1f6b34019e14d0213ee2662ac344424da8f86587da778c30f028940af45a764351901b23c894de786c31727dafb9acebb41

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_0F90096E7DCB862ED66CE39084FC7811

Filesize
727B

MD5
961c6fd1ebdd8d866261ff79f7413fe5

SHA1
b281f2d1cb16c339ef4806093b0cc9b8db5b6f28

SHA256
2a10bcfaa4721da5e788cd2c4dddb55829aa6e909f7b910d3d202a49ff964505

SHA512
53ef424c29f9c14b6a5a5e20fb2799ee506707cdb124c50f0859d814b328a3835155044be882ff3f842eabb941cdff10c1af24f90e6277ea30325003312a866c

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
4f2f44acff5c280ecd26b5e7144aff24

SHA1
d542052f27cf058cd2bd7d74e75deb8a009bb334

SHA256
c9725747ce7f281ac09f3a2287a236369b00e99f310eb837c45b2b4f66b82030

SHA512
33d4fcb341e625103b16af3f7b37f4fed5e8d56256980e341fff71356d1a1296192741b96be97de703d8f54af24e3438d0a514edb621ee6e42b1dc4d79089d45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

Filesize
471B

MD5
2aaf11132879d8c2b42f57465f854abf

SHA1
cba36bc4067f4c8a6cc14b50a24b51142432c5e1

SHA256
18bbafb9e2a6ad48027495efa487c47c179933cc2cd92c923c191207bd101172

SHA512
1d370c979d7513aac4abb79ecd2650da180e07335547b997c0a26a3f4a8bfa9851710f82c7e1b3b16baaa01433422151d0af940e4ae0e08ff65e888c5ef5cc93

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
400B

MD5
126240c6d9b9bcdb7d2818da3471a124

SHA1
4dd905461b908537e3205f0f547f37fd8566ef21

SHA256
bfd9578d2876ab65b8759cfef43b34cf81d5e40fe2c284704c2420fb5c9404bd

SHA512
60cf83f94815264591d4e0dfe1d7379b7db63de42271ab135d393d5109cdb492d6638f20f95df5f3b9e1740a1061a9aed702ccafc59d9c5259042d4e7ccf6e58

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\6BADA8974A10C4BD62CC921D13E43B18_28DEA62A0AE77228DD387E155AD0BA27

Filesize
408B

MD5
d3db4fefa6b07e16f270c2cba732898c

SHA1
654edfb38895f76318eb7e3920b1447b118363fb

SHA256
4d85dc4048a8da71b8f93a20328c60cf10b39b546914935ca10031f2326fa8e0

SHA512
21202558fa52596732c7a3506259b435334e782e4fbfa3480448e1b09b7ee70d72c51a3b1e630ee8f8ebe709e8d78b9d59818e50e1e2cafd19c5a6437b95e25d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_0F90096E7DCB862ED66CE39084FC7811

Filesize
412B

MD5
8017dc9ce3d33c41ed6d9826a33eb402

SHA1
d7ec44337b34c5e046074960c96432b31eb78152

SHA256
b6f7f602a8a761e1b35d716a2523d40901b51eb461573d9b0fabac087ad597d2

SHA512
7284b6be8e836553385144b77238ec66b97d8356c9e114e5d62140caa73ab659f06ead40b2a3849d0c58bb7dc23a451b1d51f133b2003d9c1939179be80d0e9a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
ded1a7bdd07f6c5337a18732580a03be

SHA1
27c27030b64c265929649c5770f623464838a621

SHA256
061d2c9b0f442dd5225fed8d6651336387815114f3329783914bab79855dea48

SHA512
5e3d75f7d1402826620f7dac573000748a363073cc3cd555ddc789eea199622c32461de7b98795b8d7eb9d80655b7b243e5dba29b89e29afb27f981434dd2d99

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\E2C6CBAF0AF08CF203BA74BF0D0AB6D5_49536AB5156BDD74EFF881D01C36A419

Filesize
412B

MD5
041dd66d18eefca948906d596f762e25

SHA1
72c48eeb6c13d61c46cbf9fd9bf5b272ef7ea53b

SHA256
02b0e45d672dab8e5d08f713a21b64275bc39dd97ba1931ce20f0ad88ee99067

SHA512
a52991617c271a010afd5a602d8b97d4e98c3298450af2274779264e4962668dc6b896185e7031284bb4ee03e872570897bde0b3eab146db0addf8b0f8672411

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
e443ee4336fcf13c698b8ab5f3c173d0

SHA1
9bf70b16f03820cbe3158e1f1396b07b8ac9d75a

SHA256
79e277da2074f9467e0518f0f26ca2ba74914bee82553f935a0ccf64a0119e8b

SHA512
cbf6f6aa0ea69b47f51592296da2b7be1180e7b483c61b4d17ba9ee1a2d3345cbe0987b96f4e25de1438b553db358f330aad8a26e8522601f055c3d5a8313cdd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
56a4f78e21616a6e19da57228569489b

SHA1
21bfabbfc294d5f2aa1da825c5590d760483bc76

SHA256
d036661e765ee8fd18978a2b5501e8df6b220e4bca531d9860407555294c96fb

SHA512
c2c3cd1152bb486028fe75ab3ce0d0bc9d64c4ca7eb8860ddd934b2f6e0140d2c913af4fa082b88e92a6a6d20fd483a1cb9813209f371a0f56374bc97d7f863b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
240B

MD5
77350dfbd79b47d807473944d8d665aa

SHA1
bae23ac692276c4e0bcd1c03702dc2d0dca542f6

SHA256
7e40a335f9d8cb81880ff5447ff604485dbfc1ec02a5c22de8ee07930c511b36

SHA512
070c87650d3b34834b0a0ded1e7193404c4920ce1435f59c301fc6a9da4ba03564c423f7f1420ade8915c27390c8ddce538f1c58b4db7d9bb62a3ee54c2937ce

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
1KB

MD5
dd4e3c71e64af9cc8259facab0956674

SHA1
d71db774cdca22c20bceeccffa9f79af5f235831

SHA256
bf8dba50336c0869a288706fee4287e09a130a3d9fed3c217ab953caf29c911c

SHA512
5706aab33e2972208cd73e9f6221e011da04be66ed7a242b938a4c69e6b7819a11764a84a41b0781e7f626ecb0f5ea5910576433abdbcd87cb156c99c82df07a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
4547c8b11758972d05b21faa1b87983e

SHA1
b8300b418a4d0002122e72f784088abc9640755b

SHA256
6df8500dec616f5740fcb7624da418d9da57decccaced20a6e4b859a11c512ec

SHA512
bb641ecfe343798c5dd48028857a44030f4c50fd505667191dfa0bfc4403d2ec0e4ab5b6e11c6a546834d9ddb688e97e45163f492115553331fb0d9fad66ccfb

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
fba516ae78b5b7e0e42b92f1f677a3e7

SHA1
7c596666c27970bea19072012f8a27fe7a04ab81

SHA256
4665069321141ef9b0ef027a1252f2b908d902f946f207f18525d847bd579bec

SHA512
f14c654c897a94368ea5ca879764c0669e6f32a0911db20388b62b6c2831f54c212828146e7c68fdc8211794785550dbaa91249c5a5001a1d9fa02d7726af5c3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
661c242f4b90b8cf7e39981df1209981

SHA1
b92a6fc827236ccebbb18ab3fe50984bc1aa9c91

SHA256
c2ac7efb95e469c093f59a280acfa6fb768de3acc33ddf94fc73bc9b27c7f233

SHA512
368a85b270dbf74c872e3b4665b40b65a3e498d1611b82cfd878d8f814b307ce6aadaa58ad19a13b3f8e71493f6f9b7ce05e840cb3eab7794b4ca9aa8762ce99

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5868d7.TMP

Filesize
48B

MD5
279f26f01ba902ceb4d88eff35ce4fea

SHA1
c133853279170c3e00ae89e88856275a62877a21

SHA256
b87ba51bbc825ca7316322ba9614e6b06bf4bde137d066fb148e7b91d93c9ef6

SHA512
84e28b16f443343470cee57f07161e4836f144c8b1bfc9082f93e5ef6fe525b78eee6ca59777250c49d3e61f9a258e1a19f535a99e2222a78ac1ec860d7bbd34

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
5b3b3adf0d303e67608b6ddd25396d63

SHA1
08abbf41ee9fb075e48bc4ef0491c226fb51785a

SHA256
92445f544eebe22ff667370b9be9e33f89f487f26d27e9a086c44c6260bc6521

SHA512
a5898abc1b6ff8a7dfa3248ddeed0a24a373fb2b2a015d2c6943f795ce116a939514ee501e3beb39685e70471d26d3aa1802cb39a1b7279ff9cbce1605dc093a

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
19d7a5ef771d488138e895d94e4673db

SHA1
b743886e67352fe23b4c692b72d8555a3f74ded0

SHA256
50e320520cc2334f57b6fec392192d03ada2bfd97c0ac6829ed2ea6e921ec8cb

SHA512
92221861df8084b057acb26f75b636ad54687059e8a5193f5c1f0f15e35b47ed1c1a841e6ccf7d22a012c3239d89cdbba122dde4a1afa924238f6f0880516bb9

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d.exe

Filesize
5.1MB

MD5
79ea00621cbe28699d5a570f8dbd1a03

SHA1
df0f63566bdec5ce2c27b2c7b99d71d9202241b1

SHA256
649094066fe12b92218e5f02f69e1a033d7a7e3303972af8a12bdbd76947466d

SHA512
8562f68c7e7fce3f54b92276baeead6f93dfb8d3d84a0627481333c319c52b422dee32ef2bc71dd2ea6e0bbb9a73fd438eb9bb9a0584346945c5af4c04b093e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411210744361\additional_file0.tmp

Filesize
2.7MB

MD5
be22df47dd4205f088dc18c1f4a308d3

SHA1
72acfd7d2461817450aabf2cf42874ab6019a1f7

SHA256
0eef85bccb5965037a5708216b3550792e46efdfdb99ac2396967d3de7a5e0c8

SHA512
833fc291aacecd3b2187a8cbd8e5be5b4d8884d86bd869d5e5019d727b94035a46bb56d7e7734403e088c2617506553a71a7184010447d1300d81667b99310c7

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411210744361\assistant\assistant_installer.exe

Filesize
2.0MB

MD5
3b103a9ba068fb4f932d272d19f5619f

SHA1
8270adf6a18d0101ce54afb77179d55a78a35fc7

SHA256
7e9f5f137372bf9e13383dc06c71139d92a4a7efcb5c64c570311999ecafab15

SHA512
83011d2315dfdd8838d62b66f576259882033e28e58ffb1931f97bb0a105cce5f03a4ca6c1de88611876d038f7e2ca7be626d4e0fb689d1ed8c99c6ce9adda4e

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411210744361\assistant\dbgcore.dll

Filesize
166KB

MD5
612a3bebcf72256296103e034ace0236

SHA1
4e722e00e3294194224ae348477e3898c01b47b3

SHA256
3e20d38b7f1ab5dcbb1057f06f4dabf64e57b71d12a7335b4c5601b5b4a6047c

SHA512
dde0aabbe0905408c8df74fb51232b322e233dc43fc34f4ddac9a5e626359d7e4948d41f3fcbb95f0a635cbd229953757ba456a095b2b3523bb7a851663e6302

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202411210744361\assistant\dbghelp.dll

Filesize
1.7MB

MD5
3f68b6ab3dcfd45911952ed4f5d75197

SHA1
c24c63d36a26f2320ae1c70b282769fae1e18b48

SHA256
e2f7ff92d8b959239e535b1824eac0bcf21b3134418a7b0411fa0c92ab6259e4

SHA512
5e6e031c5b802f667dc846f5dddd3c3ff5ad810b6274633bf519aa07d6a4eb7cd1c810b04f9fd552e0f6c7bb7285db0d3dc64b7a5690899583ae30bdc4e3c09f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2411210744345423944.dll

Filesize
4.6MB

MD5
726b3a92314e4a53885ee7a9aeb63c94

SHA1
7666e25eb08aacd358f4dd7d248b31416847ecda

SHA256
76e890192c88e65aec6cc8319167bc9432d67a575ccdf6de0532eee141b61d9f

SHA512
bbcc6fab983e4b4aa9715e3e17d2a698f475137e32540fb2dc5c2bfc8fced699aa80d9338e033862da2eb2a60852a7d788099290e06ac37a18fa225b27388c68

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

Filesize
40B

MD5
bb9500ee251beedfe422e3a9be793c85

SHA1
e7845edc585aca57511e3419567d95e82a751dea

SHA256
ef3aed5d0bce70b1a6428b7fb30d2bd3d8a4867c086135ca22a831a0b5988a13

SHA512
06b5a2e57dac71db68e861f1bbffdb9a18e610b2f319372df29d729ec3f7b275a2ec8ef94ec1058d3a1992abc1fd9a0da3e046de00f16abb69e6d7bce267a034

Download Submit
\??\pipe\LOCAL\crashpad_4032_PILQRCRYISOXZQVO

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit