hxxps://exloader[.]net/

Analysis

max time kernel
1158s
max time network
1192s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
21-11-2024 10:45

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://exloader.net/

Score

8^/10

discovery phishing spyware stealer

Malware Config

Signatures

Downloads MZ/PE file
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing
A potential corporate email address has been identified in the URL: [email protected]
phishing

Executes dropped EXE 7 IoCs

Processes:

OperaGXSetup.exesetup.exesetup.exesetup.exeOpera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeassistant_installer.exeassistant_installer.exe

pid	process
5800	OperaGXSetup.exe
5952	setup.exe
6024	setup.exe
6116	setup.exe
5588	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
5636	assistant_installer.exe
5668	assistant_installer.exe

Loads dropped DLL 3 IoCs

Processes:

setup.exesetup.exesetup.exe

pid process

5952 setup.exe
6024 setup.exe
6116 setup.exe
Reads user/profile data of web browsers 3 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Credentials from Web Browsers
T1555.003
Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

setup.exe

description ioc process

File opened (read-only) \??\D: setup.exe
File opened (read-only) \??\F: setup.exe
Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

pid	process
5952	setup.exe
6024	setup.exe
6116	setup.exe

description	ioc	process
File opened (read-only)	\??\D:	setup.exe
File opened (read-only)	\??\F:	setup.exe

System Location Discovery: System Language Discovery 1 TTPs 7 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

Processes:

setup.exesetup.exesetup.exeOpera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exeassistant_installer.exeassistant_installer.exeOperaGXSetup.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	setup.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	assistant_installer.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	OperaGXSetup.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

msedge.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

Modifies system certificate store 2 TTPs 6 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

Processes:

setup.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b9030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	setup.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 040000000100000010000000d474de575c39b2d39c8583c5c065498a0f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc30b00000001000000120000004400690067006900430065007200740000001d00000001000000100000008f76b981d528ad4770088245e2031b630300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25190000000100000010000000ba4f3972e7aed9dccdc210db59da13c92000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	setup.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = 5c000000010000000400000000080000190000000100000010000000ba4f3972e7aed9dccdc210db59da13c90300000001000000140000005fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc251d00000001000000100000008f76b981d528ad4770088245e2031b630b0000000100000012000000440069006700690043006500720074000000140000000100000014000000b13ec36903f8bf4701d498261a0802ef63642bc36200000001000000200000007431e5f4c3c1ce4690774f0b61e05440883ba9a01ed00ba6abd7806ed3b118cf090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f0000000100000014000000e35ef08d884f0a0ade2f75e96301ce6230f213a8040000000100000010000000d474de575c39b2d39c8583c5c065498a2000000001000000c9030000308203c5308202ada003020102021002ac5c266a0b409b8f0b79f2ae462577300d06092a864886f70d0101050500306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a306c310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312b30290603550403132244696769436572742048696768204173737572616e636520455620526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100c6cce573e6fbd4bbe52d2d32a6dfe5813fc9cd2549b6712ac3d5943467a20a1cb05f69a640b1c4b7b28fd098a4a941593ad3dc94d63cdb7438a44acc4d2582f74aa5531238eef3496d71917e63b6aba65fc3a484f84f6251bef8c5ecdb3892e306e508910cc4284155fbcb5a89157e71e835bf4d72093dbe3a38505b77311b8db3c724459aa7ac6d00145a04b7ba13eb510a984141224e656187814150a6795c89de194a57d52ee65d1c532c7e98cd1a0616a46873d03404135ca171d35a7c55db5e64e13787305604e511b4298012f1793988a202117c2766b788b778f2ca0aa838ab0a64c2bf665d9584c1a1251e875d1a500b2012cc41bb6e0b5138b84bcb0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e04160414b13ec36903f8bf4701d498261a0802ef63642bc3301f0603551d23041830168014b13ec36903f8bf4701d498261a0802ef63642bc3300d06092a864886f70d010105050003820101001c1a0697dcd79c9f3c886606085721db2147f82a67aabf183276401057c18af37ad911658e35fa9efc45b59ed94c314bb891e8432c8eb378cedbe3537971d6e5219401da55879a2464f68a66ccde9c37cda834b1699b23c89e78222b7043e35547316119ef58c5852f4e30f6a0311623c8e7e2651633cbbf1a1ba03df8ca5e8b318b6008892d0c065c52b7c4f90a98d1155f9f12be7c366338bd44a47fe4262b0ac497690de98ce2c01057b8c876129155f24869d8bc2a025b0f44d42031dbf4ba70265d90609ebc4b17092fb4cb1e4368c90727c1d25cf7ea21b968129c3c9cbf9efc805c9b63cdec47aa252767a037f300827d54d7a9f8e92e13a377e81f4a	setup.exe

NTFS ADS 1 IoCs

Processes:

msedge.exe

description ioc process

File opened for modification C:\Users\Admin\Downloads\Unconfirmed 741556.crdownload:SmartScreen msedge.exe

description	ioc	process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 741556.crdownload:SmartScreen	msedge.exe

Suspicious behavior: EnumeratesProcesses 12 IoCs

Processes:

msedge.exemsedge.exeidentity_helper.exemsedge.exemsedge.exe

pid	process
3840	msedge.exe
3840	msedge.exe
5004	msedge.exe
5004	msedge.exe
3116	identity_helper.exe
3116	identity_helper.exe
5408	msedge.exe
5408	msedge.exe
6092	msedge.exe
6092	msedge.exe
6092	msedge.exe
6092	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 14 IoCs

Processes:

msedge.exe

pid	process
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe

Suspicious use of FindShellTrayWindow 44 IoCs

Processes:

msedge.exe

pid	process
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

msedge.exe

pid	process
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe
5004	msedge.exe

Suspicious use of SetWindowsHookEx 1 IoCs

Processes:

setup.exe

pid process

5952 setup.exe

pid	process
5952	setup.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

msedge.exe

description	pid	process	target process
PID 5004 wrote to memory of 3720	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 3720	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 1604	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 3840	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 3840	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 512	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 512	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 512	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 512	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 512	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 512	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 512	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 512	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 512	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 512	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 512	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 512	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 512	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 512	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 512	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 512	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 512	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 512	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 512	5004	msedge.exe	msedge.exe
PID 5004 wrote to memory of 512	5004	msedge.exe	msedge.exe

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --start-maximized --single-argument https://exloader.net/
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:5004
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffcbe0046f8,0x7ffcbe004708,0x7ffcbe004718
  2⤵
  PID:3720
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,8654379339878989410,15548395628254262495,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2140 /prefetch:2
  2⤵
  PID:1604
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2144,8654379339878989410,15548395628254262495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2228 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3840
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2144,8654379339878989410,15548395628254262495,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2900 /prefetch:8
  2⤵
  PID:512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8654379339878989410,15548395628254262495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3284 /prefetch:1
  2⤵
  PID:2284
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8654379339878989410,15548395628254262495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3296 /prefetch:1
  2⤵
  PID:4356
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8654379339878989410,15548395628254262495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
  2⤵
  PID:5112
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8654379339878989410,15548395628254262495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5712 /prefetch:1
  2⤵
  PID:4348
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8654379339878989410,15548395628254262495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5752 /prefetch:1
  2⤵
  PID:4020
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,8654379339878989410,15548395628254262495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6212 /prefetch:8
  2⤵
  PID:3912
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2144,8654379339878989410,15548395628254262495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6212 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8654379339878989410,15548395628254262495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5012 /prefetch:1
  2⤵
  PID:1420
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8654379339878989410,15548395628254262495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5488 /prefetch:1
  2⤵
  PID:2524
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8654379339878989410,15548395628254262495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5140 /prefetch:1
  2⤵
  PID:3876
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8654379339878989410,15548395628254262495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5776 /prefetch:1
  2⤵
  PID:2868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8654379339878989410,15548395628254262495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6420 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8654379339878989410,15548395628254262495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6624 /prefetch:1
  2⤵
  PID:4980
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8654379339878989410,15548395628254262495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6636 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2144,8654379339878989410,15548395628254262495,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6472 /prefetch:8
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2144,8654379339878989410,15548395628254262495,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5928 /prefetch:8
  2⤵
  PID:3988
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8654379339878989410,15548395628254262495,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6848 /prefetch:1
  2⤵
  PID:4896
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2144,8654379339878989410,15548395628254262495,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6012 /prefetch:1
  2⤵
  PID:1492
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2144,8654379339878989410,15548395628254262495,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6544 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:5408
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2144,8654379339878989410,15548395628254262495,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=1812 /prefetch:8
  2⤵
  PID:5480
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2144,8654379339878989410,15548395628254262495,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6640 /prefetch:8
  2⤵
  PID:5488
- C:\Users\Admin\Downloads\OperaGXSetup.exe
  "C:\Users\Admin\Downloads\OperaGXSetup.exe"
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:5800
- - C:\Users\Admin\AppData\Local\Temp\7zS8A60A348\setup.exe
    C:\Users\Admin\AppData\Local\Temp\7zS8A60A348\setup.exe --server-tracking-blob=NDVjMzJiNzI2OGExZDNkMmRlOWMzMDc0ZjBhNzRjYzhkMjU5OTM5NzYzMTY0YTZiZjViZTgzODUwODkxNjBiODp7ImNvdW50cnkiOiJHQiIsImVkaXRpb24iOiJzdGQtMiIsImh0dHBfcmVmZXJyZXIiOiJodHRwczovL3d3dy5vcGVyYS5jb20vIiwiaW5zdGFsbGVyX25hbWUiOiJPcGVyYUdYU2V0dXAuZXhlIiwicHJvZHVjdCI6Im9wZXJhX2d4IiwicXVlcnkiOiIvb3BlcmFfZ3gvc3RhYmxlL3dpbmRvd3M/ZWRpdGlvbj1zdGQtMiZ1dG1fc291cmNlPVBXTmdhbWVzJnV0bV9tZWRpdW09cGEmdXRtX2NhbXBhaWduPVBXTl9HQl9TVlJfT09NJmVkaXRpb249c3RkLTImdXRtX2lkPTI4YTIzODZjMTk1MjQ4ZWQ5NDgxNjBlZWM1N2RkNjg2Jmh0dHBfcmVmZXJyZXI9bWlzc2luZyZ1dG1fc2l0ZT1vcGVyYV9jb20mdXRtX2xhc3RwYWdlPW9wZXJhLmNvbSUyRiZ1dG1faWQ9MjhhMjM4NmMxOTUyNDhlZDk0ODE2MGVlYzU3ZGQ2ODYmZGxfdG9rZW49NzkyMDk1NjkiLCJ0aW1lc3RhbXAiOiIxNzMyMTg1OTY5LjIxMDMiLCJ1c2VyYWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvOTIuMC40NTE1LjEzMSBTYWZhcmkvNTM3LjM2IEVkZy85Mi4wLjkwMi42NyIsInV0bSI6eyJjYW1wYWlnbiI6IlBXTl9HQl9TVlJfT09NIiwiaWQiOiIyOGEyMzg2YzE5NTI0OGVkOTQ4MTYwZWVjNTdkZDY4NiIsImxhc3RwYWdlIjoib3BlcmEuY29tLyIsIm1lZGl1bSI6InBhIiwic2l0ZSI6Im9wZXJhX2NvbSIsInNvdXJjZSI6IlBXTmdhbWVzIn0sInV1aWQiOiI5ZjIwNjM0OS02Zjc2LTRhM2MtODI1My1iOTUyMjg5ZWJiMDgifQ==
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Enumerates connected drives
    - System Location Discovery: System Language Discovery
    - Modifies system certificate store
    - Suspicious use of SetWindowsHookEx
    PID:5952
  - - C:\Users\Admin\AppData\Local\Temp\7zS8A60A348\setup.exe
      C:\Users\Admin\AppData\Local\Temp\7zS8A60A348\setup.exe --type=crashpad-handler /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector-2.opera.com/ --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=114.0.5282.218 --initial-client-data=0x328,0x32c,0x330,0x304,0x334,0x74758c5c,0x74758c68,0x74758c74
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:6024
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\setup.exe" --version
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      System Location Discovery: System Language Discovery
      PID:6116
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411211046291\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411211046291\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:5588
  - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411211046291\assistant\assistant_installer.exe
      "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411211046291\assistant\assistant_installer.exe" --version
      4⤵
      Executes dropped EXE
      System Location Discovery: System Language Discovery
      PID:5636
    - - C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411211046291\assistant\assistant_installer.exe
        
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411211046291\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x288,0x28c,0x290,0x264,0x294,0x614f48,0x614f58,0x614f64
        5⤵
        Executes dropped EXE
        System Location Discovery: System Language Discovery
        
        PID:5668
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2144,8654379339878989410,15548395628254262495,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2168 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:6092

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:1476

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5100

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Credentials from Password Stores

T1555

Credentials from Web Browsers

T1555.003

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Browser Information Discovery

T1217

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
471B

MD5
719182e07998ae9226d45680aa1fe178

SHA1
8f8b03c110c129cb3a35841ed959de7a7266ffec

SHA256
8f1d64c2c4dbb6ca892083e4b4a8bdb4585597e1269c218340c6b12517bb3dbe

SHA512
2df474f0ac4d1ef93b14deda32c5476da130bc41f37c0a5cd0c271c990914613c3c788116a4b87d44876695f71e5a131847fdf96d609364c06cb2f5ed6ce76a3

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_9A347AC5A42F886F9F966873087C7F2E

Filesize
727B

MD5
9e72d374659500426921f378d0f9a9ce

SHA1
d615d83e7ea84ebd3d6a3380b0c13fa579842920

SHA256
966580d6f949493bea2bee89cdd73192ae6cda95476ded55160a205b5ee86cf1

SHA512
d13ad0538884efe58c88b0591509e6aad10dff0a874bb1c860d626cb590a8aecb3d336855bbe5e773c3b9cb4e8d911d21b730e7de82fe9016ae0735415f2c508

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
727B

MD5
4f2f44acff5c280ecd26b5e7144aff24

SHA1
d542052f27cf058cd2bd7d74e75deb8a009bb334

SHA256
c9725747ce7f281ac09f3a2287a236369b00e99f310eb837c45b2b4f66b82030

SHA512
33d4fcb341e625103b16af3f7b37f4fed5e8d56256980e341fff71356d1a1296192741b96be97de703d8f54af24e3438d0a514edb621ee6e42b1dc4d79089d45

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\698460A0B6E60F2F602361424D832905_8BB23D43DE574E82F2BEE0DF0EC47EEB

Filesize
400B

MD5
9f2c59aec241a4e1b68d679c9963fe25

SHA1
91177476d7aaf7afbbcb64fb58da3932365d6024

SHA256
c7d1f4d2ba2646473c053e6834fcc429816e86f872bb03262a9ee1164cd4f3f6

SHA512
09aa89e1f6d9ceb60e0c7593c49a7616b0f116a3a8b00e76d417ade24542d79494d4f46146f7ef75335de93cd4c9f67584fbf75fbbbaf8e7719046088a2bd3c5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_9A347AC5A42F886F9F966873087C7F2E

Filesize
404B

MD5
eedfb82a00610b76ed173c6bfae8417c

SHA1
d2db11f91fa22b17bd965005c4fabc7618c0a905

SHA256
db60f5e58922c3f23c9e16ef6b29226f16480c6b97d3eafda69e6653a8abccfd

SHA512
868918e9d0ded8a95e393abb92c5d331d6cec4fe6bcc7bb61b9a6734fe5d356aa858c162a8351187b10fdd1f29ec87f47401062b0ea77bf6cd8802f0f29761a0

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141

Filesize
412B

MD5
dee87762890888047f9be9fec0aa218b

SHA1
3e05c5890489f6921f6de06a1b8d1ca32ae20d65

SHA256
000662e12f5eff046f81678d6879eb02a97c64d023f1e2fd9a1e7b299ba86c16

SHA512
8f77987ea1aa7100eb49e5fbe5e2dd48bacd47b75dceaa348845437cc908377a782c51279a6fd21a608090c1e0b490b2804597a31281c77abd91c742a550782d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
0a9dc42e4013fc47438e96d24beb8eff

SHA1
806ab26d7eae031a58484188a7eb1adab06457fc

SHA256
58d66151799526b3fa372552cd99b385415d9e9a119302b99aadc34dd51dd151

SHA512
868d6b421ae2501a519595d0c34ddef25b2a98b082c5203da8349035f1f6764ddf183197f1054e7e86a752c71eccbc0649e515b63c55bc18cf5f0592397e258f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
61cef8e38cd95bf003f5fdd1dc37dae1

SHA1
11f2f79ecb349344c143eea9a0fed41891a3467f

SHA256
ae671613623b4477fbd5daf1fd2d148ae2a09ddcc3804b2b6d4ffcb60b317e3e

SHA512
6fb9b333fe0e8fde19fdd0bd01a1990a4e60a87c0a02bc8297da1206e42f8690d06b030308e58c862e9e77714a585eed7cc1627590d99a10aeb77fc0dd3d864d

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Cache\f_00001f

Filesize
89KB

MD5
445d7ca13d334a0838cff9d6905c1790

SHA1
5747ad731326797179dac0f4770e09c36a8aa248

SHA256
ac47705cb831ecb13f1c94a76fe667e40af99a5ff58ab9e50a1846ec84ec3b37

SHA512
096f26d1d0cfaca0faeb975c62fd0b820215905a01194f96853d3f050b0c33b1b30c96a006e3eeb2924acf939d8713df98e1a3c0e1d1d9a9a9096a0be421bb6b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
ce1790229ba0cdeedacc23a3c626888d

SHA1
57b5353b6218fcf8b5801f79a09caecbbe27cd12

SHA256
6fae24e9adfc50e5d16cd3ea88c3c1a0341e1fdf6c3ff3308e01393a44fe7931

SHA512
a3a9acfccca35ff77570710fd8a2dbedd355447c662e4b0f64d73709ed81e61a2a71f32a4afe21006cba549acd57b0cf75ad5e7637ca1c9d56214de1752ee6ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\File System\000\t\Paths\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
5KB

MD5
e6aaa7582553ea584d2844530dd914cc

SHA1
1a641f5af9d857867390f90363f408c22611d08a

SHA256
e7a4e5cbd26ac3066d5c4c21b641bcf9f394879c7a2d007b1bd3cadcd0b1b355

SHA512
0343fec3b7ea3a3b12dffcb51127650157da4f2d03f8f66a7d69574e85093c943623e5f618543d6473cec4c28fcf0d6e1c2c273324bae447ab0ba816936d20c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
0bb3555dbb99c293dad06fb3ad83cb43

SHA1
8dd47bf3745babf303786515ec7e78117da0a84a

SHA256
cb1ee059af1ea1164a1bbcbe38946992804779a24346eaeb3ade4c664521e32b

SHA512
744172b702a3b86eede41e695977f3c532b42cee193c7998e24b1a343cffb31ccad72c41f1ffe5ed51c4149b7eb74d132680f744fa5358888a6cfeecdd4b98f2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
7KB

MD5
123dc4e2d6732346c315141a69c16a6b

SHA1
625f2e70520ea1341505bebc1e7a7b6393f9b1e1

SHA256
7c3c9f4cc35de0a1f52f1d6f5cddc744b75e26635b6f30a04871a346317a7ba6

SHA512
b8808f24bd42ff3bbf155052fa394a93241d3308aedc60b9f88608fee83861578c5ab480ed33dbb409734b07d469dbdc0468255e17ad20141763b5b1ac52e2a4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
e103066cdecf93bf6fe5d50a4a82604c

SHA1
4df35cfd6ea95372024763eb58ac10999fb9caa3

SHA256
d208aa3012ff97f0db92b728d5ecadac2e3f16b7e8b472fa8c2e2be41a682ffb

SHA512
967206ba34a021f103cf88967cb00bce5f41be063a0dbefee4dc5fcec5529813d7d8c9c81ab72add0f103082ebee8648ffac06a5cd0248f0169aa6bd854a8147

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
9KB

MD5
49f3109c76b0a1e71c96caa9771ce24f

SHA1
dd3a002160efe60c917e393ac9d2a4c4c153cb47

SHA256
404096193fbebee66cf12d9659101eaa19f887e578e577cc0f0e182b946e3466

SHA512
b75576c614b47fc71e0b218cd2c24adbdce802b03d8059015be3cda3c3d1294e5bed337271b16445761154cd6b71a79bd2f302d1a6775373837acd0942963238

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
8KB

MD5
0f7dc589b171c33dcaff71343c622d91

SHA1
f3c7950dc2fbdb1fac29691c315daea675d64a55

SHA256
12caa5b44fa61cff673bb38268348c88417892774686afbec4e1ae0671ff8dfd

SHA512
9bf4d315d082eddbd872750d794a31d22be44dc3fa84b8cb071f9a9b8716d748057ba0365c0c30b6a1e197032a21d0f36e5057d570cc82e900b6571cc15d3f5e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
6cb5546ce3f146fc9588efc38525acfa

SHA1
785e2caea8bfeda89ecdc84164abb62b85c8f521

SHA256
89001e381aeb269d34f26437bbbe7f5a291e74aa61e1a7a8a3b326d8378623eb

SHA512
8887ef9628f27edb75969868b1fa54cfdb25a1aec85b3f878f5feecde0205c3ccf362079b8ae7ce00a629692b608989ab4bb90f362240e531b2b72774df5c3aa

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\Database\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index

Filesize
72B

MD5
3db72212e53dfa913ffafc07dffc6654

SHA1
7201fcf5e84ee1fd0bc875c78f92c0b372c89f9b

SHA256
2f353859539c92eb8422e2b30a8149a5a567a8f31518c34beee4f604a3fd6a28

SHA512
b2d5349361efb1323ae75e425b3afee4c78cef8400c3dd775b7b5c7a0f01fe47bd2c9ab0f9357ccd5d5afebc9c92c0c98b1cebfc7d560e0b3a2f7f5d5fac7f00

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Service Worker\ScriptCache\index-dir\the-real-index~RFe5808a6.TMP

Filesize
48B

MD5
57493b4f6c2321bc4068607cdb166eff

SHA1
7703237d082ee215431a4c0990f49572bb3afb27

SHA256
c48589d911931d9854581b09abec154a39df88b6f6cf8ba205b95ac25bb8e02b

SHA512
40689b00408b5e47c0c5483fa5226bc525245ad77b7dce160c8feb0a6dc43e23b76e8c6b2f78eb0d5235758cc4e1e2427df7ed1ffc43f57f714a57027c32ecbf

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
493bbd6b2f4fe0b8e991b51593e1afa2

SHA1
fbcca56d92fe3e639047173c79dadcd3ff6383a0

SHA256
2aaf4cb7c5ee86b28dd08a5dc845a829bbc738d3198c1d56282f7e712df446bb

SHA512
346f748628ddc7404b73a871bccd692090414baee578823471c5d5d748d021ff97590e7f76c42d523c738e4e9035202aff5fa2dfa3f7700b7bf58a436c312425

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
b8a45d8af93866f2ca01e51e375bcdf7

SHA1
592a7e321acf6525c0050da8e4f9b123737e5d4a

SHA256
92c2c01a4104fe472443cacc8b92587e928b3ec6d4897b79a0fdf03d5499ba5a

SHA512
663edda170c83a858f023d9debf2d9e49e313ca5900bb9b12befdbbb4f5df2e71893f5a17cadbc74f94a039d7112e8086b7e84badc12d5daff7bf2243a16e8c5

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
3de2e175b89350a22fd65a755a88c439

SHA1
85b4307468fc13252100f0b527314f88043be7ec

SHA256
f65110fdb02c89976cb17abefd5520bc608df38b3be56dd42de5e4404dfa4ea9

SHA512
a8f16c180b9d917a27591fe74417baa38d8d81bf61660c9989a3b6c383240c991f14b228ed19978f7e2870618de366bbbab8baea7e32a4f36f5bb89672612864

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
65815d1461fe075f1a98084075de7db1

SHA1
1707ef72b7d058a0618fa49492c66eb8e5123613

SHA256
dfecd9977e8d541157d2d00cd34513d87e8cf0c490a19b2185a0c4ec2c832420

SHA512
cf0d9023d66dc0c91d2b68a9df656bd0121872d5acfe282e3ed6a71286b030b0b63e3940f26f03452b241b3ce1089d7f94b88a3462b818a9d386755db5714a88

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe57c4b7.TMP

Filesize
1KB

MD5
100d79783faa70ebce19ab9ae291ffe7

SHA1
6deefab94b811a40d89adf175f2b9a79cdbf386c

SHA256
91ff773c6047a71614629b96a060a7f3252485c5a23b267a4eb5844ab6132597

SHA512
8b6e63c898a0abf8063e39f3a72d76999926b4af26e3233140c3839f0630440ad46d0378ce377290406f20a7658ee480ec4a6e0a5f06e4810db4906fea909859

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\d3f99135-396c-4e8c-8783-979e1f18ca83.tmp

Filesize
1KB

MD5
638034a83385cd5195ddcac3f50756c4

SHA1
e3311f714c02b2e075e7105fb29ecce9ed16e34e

SHA256
ce765ff78fa3f8a937172b0aa8d50d7423b6cbcf3357899df77e02cc71fd6018

SHA512
f22fc44494bba57661b6a4573549050d85a74943475240c16317cb7b74585452ec2065177bf78b459e0de6ebfe326c49ae551809a83dedab228ff3f8d1df4103

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
adfa23802990bd4e5bb719cecec008ca

SHA1
d707d8fc6dbed0fca7d354c12da5f754c5071070

SHA256
51adf0ad18d702d0d28c9193c30b917b2c79dbc43d2922f97d38676da3d1aabe

SHA512
ba2c549ff530d2875ce35f5144a83d8c3112d3fd8dc8f0cabb428954a51688fa70f04a0163432f0c042bf9963854ccf2f68cdcf8ecf539960d0898045e8ec2de

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411211046291\additional_file0.tmp

Filesize
1.4MB

MD5
e9a2209b61f4be34f25069a6e54affea

SHA1
6368b0a81608c701b06b97aeff194ce88fd0e3c0

SHA256
e950f17f4181009eeafa9f5306e8a9dfd26d88ca63b1838f44ff0efc738e7d1f

SHA512
59e46277ca79a43ed8b0a25b24eff013e251a75f90587e013b9c12851e5dd7283b6172f7d48583982f6a32069457778ee440025c1c754bf7bb6ce8ae1d2c3fc5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202411211046291\assistant\assistant_installer.exe

Filesize
1.8MB

MD5
4c8fbed0044da34ad25f781c3d117a66

SHA1
8dd93340e3d09de993c3bc12db82680a8e69d653

SHA256
afe569ce9e4f71c23ba5f6e8fd32be62ac9538e397cde8f2ecbe46faa721242a

SHA512
a04e6fd052d2d63a0737c83702c66a9af834f9df8423666508c42b3e1d8384300239c9ddacdc31c1e85140eb1193bcfac209f218750b40342492ffce6e9da481

Download Submit
C:\Users\Admin\AppData\Local\Temp\7zS8A60A348\setup.exe

Filesize
6.5MB

MD5
80510ea85c478436f90b927e1730820e

SHA1
7a54ff150b83061210dfc683aaf113c8ad3abd1f

SHA256
97fc8eb7503277c0789ae5c7683246b433d8ab5a482ec7fe0ec61e0037c05b30

SHA512
cacdd3f9107f7fb839c6ae67a4408329caa82d15e1f0f5fbf6721500fbe43b873e7eb4da3f3569ce8ddd5c26e4f47397bc2b4f4133808050e49fd34fff2c53a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2411211046280495952.dll

Filesize
6.0MB

MD5
5ec157d8d5e886c43f1adcf45bfa1c71

SHA1
4606048ce3a1d74d5a07e5fda2fd2274e1727b45

SHA256
fcd77e9a357f744ac0eced1f896e23cd875f1c7f8e77b5fff23f86a786842ceb

SHA512
2255f3c3d7deb1946415125d987ab22a75c9dacda94fc3bbcdb43cf876ec0e0cfdc2e4636216b3c20b2eba740a32062bc12b2d72d113ae5913cc6f81758953c7

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports\settings.dat

Filesize
40B

MD5
8fcec7e734d9150e2e4d6228348074df

SHA1
3c97cac2e123c4d74189ef47de9f420a0e8f32b4

SHA256
a5b45313e46fabcf24e121ea08ef781a8997b4438875c6565f10c802c640866e

SHA512
ca3ab54b09598caca490c52b62b23ba8908c91e1f48ee230797cb6ad750b5fc0463401cf87858dc5a426b39e0ee689bbd6d8fd66da4aabcea88f0804ece4f8f4

Download Submit
C:\Users\Admin\Downloads\OperaGXSetup.exe

Filesize
3.2MB

MD5
8d309df0198b2111d5467ed9aea1900a

SHA1
fb2f824ba6d84d4a9de34b655382c7ca936b9c8b

SHA256
867c3a82e283776c1213d6a76542382485068bbfeb141c47791eb8846da55716

SHA512
78eed3f031aeaf443388f6631cddc900148accc9c2b71fa94bdaac8dbbae35208961eaa870c6a98294437d750fd62f8f8c6bac50094e589cd21eb9694e6cd118

Download Submit
\??\pipe\LOCAL\crashpad_5004_XZXGREHTFLHTJWCZ

MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit