Analysis
max time kernel: 116s
max time network: 159s
platform: windows11-21h2_x64
resource: win11-20231215-en
resource tags: arch:x64 arch:x86 image:win11-20231215-en locale:en-us os:windows11-21h2-x64 system
submitted: 23-12-2023 00:39

Static task: static1
Behavioral task: behavioral1
  Sample: print('qwjdq).py
  Resource: win11-20231215-en
Behavioral task: behavioral2
  Sample: print('qwjdq).py
  Resource: macos-20231201-en
General
Target: print('qwjdq).py
Size: 2KB
MD5: bac21f6be4ff926fb38ef6540f840bdf
SHA1: d5812beb4081b43ef7a2e58e1a39aa623b7a5938
SHA256: 621ab55b0f68544c4fe34b09d4a3164241e424b8bca69b11352f0237794fe17a
SHA512: 186fa18cef35120dab72f117faa18ac32b7d89bef74f970062b91cebe4f7e1191121dde81bb1d4a1e4fdffa619219afee9776eaf3e94a14b8e366c0983efe28c
Malware Config
Signatures

Downloads MZ/PE file

Executes dropped EXE (5 IoCs)
  pid   Process
  5744  OperaGXSetup.exe
  5932  OperaGXSetup.exe
  6068  OperaGXSetup.exe
  5476  OperaGXSetup.exe
  1292  OperaGXSetup.exe

Loads dropped DLL (5 IoCs)
  pid   Process
  5744  OperaGXSetup.exe
  5932  OperaGXSetup.exe
  6068  OperaGXSetup.exe
  5476  OperaGXSetup.exe
  1292  OperaGXSetup.exe
Reads user/profile data of web browsers (2 TTPs)
Infostealers often target stored browser data, which can include saved credentials etc.
upx (yara_rule)
  resource                                                                      yara_rule
  behavioral1/files/0x000200000002a8de-508.dat                                  upx
  behavioral1/files/0x000200000002a8de-526.dat                                  upx
  behavioral1/memory/5744-527-0x0000000000180000-0x0000000000730000-memory.dmp  upx
  behavioral1/files/0x000200000002a8de-528.dat                                  upx
  behavioral1/files/0x000200000002a8de-533.dat                                  upx
  behavioral1/memory/5932-535-0x0000000000180000-0x0000000000730000-memory.dmp  upx
  behavioral1/files/0x000100000002a91a-547.dat                                  upx
  behavioral1/files/0x000100000002a91a-546.dat                                  upx
  behavioral1/memory/6068-552-0x0000000000910000-0x0000000000EC0000-memory.dmp  upx
  behavioral1/memory/6068-554-0x0000000000910000-0x0000000000EC0000-memory.dmp  upx
  behavioral1/memory/5744-577-0x0000000000180000-0x0000000000730000-memory.dmp  upx
  behavioral1/memory/5932-578-0x0000000000180000-0x0000000000730000-memory.dmp  upx
  behavioral1/files/0x000200000002a8de-599.dat                                  upx
  behavioral1/files/0x000200000002a8de-607.dat                                  upx
  behavioral1/memory/5476-675-0x0000000000180000-0x0000000000730000-memory.dmp  upx
  behavioral1/memory/1292-676-0x0000000000180000-0x0000000000730000-memory.dmp  upx
Enumerates connected drives (3 TTPs, 4 IoCs)
Attempts to read the root path of hard drives other than the default C: drive.
  description             ioc     Process
  File opened (read-only) \??\F:  OperaGXSetup.exe
  File opened (read-only) \??\D:  OperaGXSetup.exe
  File opened (read-only) \??\F:  OperaGXSetup.exe
  File opened (read-only) \??\D:  OperaGXSetup.exe
Checks processor information in registry (2 TTPs, 5 IoCs)
Processor information is often read in order to detect sandboxing environments.
  description        ioc                                                                                Process
  Key opened         \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0                   firefox.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature  firefox.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision   firefox.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz              firefox.exe
  Key value queried  \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier  firefox.exe
Modifies registry class (1 IoCs)
  description  ioc                                                                                   Process
  Key created  \REGISTRY\USER\S-1-5-21-1199853020-417986905-91977573-1000_Classes\Local Settings  firefox.exe

Modifies system certificate store
  description       ioc                                                                                                                                  Process
  Set value (data)  \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = (blob data not shown)  OperaGXSetup.exe
  Set value (data)  \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = (blob data not shown)  OperaGXSetup.exe
  Key created       \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25                               OperaGXSetup.exe
  Set value (data)  \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = (blob data not shown)  OperaGXSetup.exe
  Set value (data)  \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob = (blob data not shown)  OperaGXSetup.exe
  Key created       \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4                               OperaGXSetup.exe
  Set value (data)  \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = (blob data not shown)  OperaGXSetup.exe
  Set value (data)  \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = (blob data not shown)  OperaGXSetup.exe
NTFS ADS (2 IoCs)
  description   ioc                                                                                                       Process
  File created  C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe\:Zone.Identifier:$DATA  OperaGXSetup.exe
  File created  C:\Users\Admin\Downloads\OperaGXSetup.exe:Zone.Identifier                                                 firefox.exe
Suspicious use of AdjustPrivilegeToken (4 IoCs)
  description              pid   Process
  Token: SeDebugPrivilege  3904  firefox.exe
  Token: SeDebugPrivilege  3904  firefox.exe
  Token: SeDebugPrivilege  5744  OperaGXSetup.exe
  Token: SeDebugPrivilege  5744  OperaGXSetup.exe
Suspicious use of FindShellTrayWindow (4 IoCs)
  pid   Process
  3904  firefox.exe
  3904  firefox.exe
  3904  firefox.exe
  3904  firefox.exe

Suspicious use of SendNotifyMessage (3 IoCs)
  pid   Process
  3904  firefox.exe
  3904  firefox.exe
  3904  firefox.exe

Suspicious use of SetWindowsHookEx (5 IoCs)
  pid   Process
  3904  firefox.exe
  3904  firefox.exe
  3904  firefox.exe
  3904  firefox.exe
  5744  OperaGXSetup.exe
Suspicious use of WriteProcessMemory (64 IoCs)
Uses Task Scheduler COM API (1 TTP)
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes

C:\Windows\system32\cmd.exe (PID 4088)
  cmd /c C:\Users\Admin\AppData\Local\Temp\print('qwjdq).py

C:\Program Files\Mozilla Firefox\firefox.exe (PID 3192)
  "C:\Program Files\Mozilla Firefox\firefox.exe"
  - Suspicious use of WriteProcessMemory

  C:\Program Files\Mozilla Firefox\firefox.exe (PID 3904)
    "C:\Program Files\Mozilla Firefox\firefox.exe"
    - Checks processor information in registry
    - Modifies registry class
    - NTFS ADS
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SendNotifyMessage
    - Suspicious use of SetWindowsHookEx
    - Suspicious use of WriteProcessMemory

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 1984)
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3904.0.855288718\2135460580" -parentBuildID 20221007134813 -prefsHandle 1772 -prefMapHandle 1764 -prefsLen 20747 -prefMapSize 233444 -appDir "C:\Program Files\Mozilla Firefox\browser" - {6635341e-c2b5-4a73-9c71-8320b74641a7} 3904 "\\.\pipe\gecko-crash-server-pipe.3904" 1864 1f7bcbbc158 gpu

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 952)
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3904.1.1149144282\274745749" -parentBuildID 20221007134813 -prefsHandle 2216 -prefMapHandle 2212 -prefsLen 20783 -prefMapSize 233444 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {f18f5c6b-2f9b-48da-b7cc-cee8359c27ab} 3904 "\\.\pipe\gecko-crash-server-pipe.3904" 2228 1f7bc6e3258 socket

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 1832)
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3904.2.130809619\1358636926" -childID 1 -isForBrowser -prefsHandle 2724 -prefMapHandle 2768 -prefsLen 20821 -prefMapSize 233444 -jsInitHandle 1172 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {4520a7a5-7718-4f0e-ab4b-dda55897d7ed} 3904 "\\.\pipe\gecko-crash-server-pipe.3904" 3052 1f7c1b84758 tab

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 2260)
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3904.3.1291884506\2081146026" -childID 2 -isForBrowser -prefsHandle 3464 -prefMapHandle 3460 -prefsLen 26064 -prefMapSize 233444 -jsInitHandle 1172 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {244cf835-d1c2-403c-beff-687d3ee6829d} 3904 "\\.\pipe\gecko-crash-server-pipe.3904" 3476 1f7b0768758 tab

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 2012)
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3904.4.833479838\977545391" -childID 3 -isForBrowser -prefsHandle 4436 -prefMapHandle 4432 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1172 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {d33558a9-1a27-43c6-8a62-2930a1c37b09} 3904 "\\.\pipe\gecko-crash-server-pipe.3904" 4444 1f7c3868258 tab

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 2700)
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3904.5.759549262\2071386831" -childID 4 -isForBrowser -prefsHandle 2900 -prefMapHandle 4988 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1172 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {2134c0e5-9eda-475e-8854-d92e93dc74d6} 3904 "\\.\pipe\gecko-crash-server-pipe.3904" 4992 1f7c425be58 tab

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 1044)
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3904.7.197924000\2054430849" -childID 6 -isForBrowser -prefsHandle 5396 -prefMapHandle 5392 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1172 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {df81782f-c1fe-4705-821e-b3d9fd5cb69c} 3904 "\\.\pipe\gecko-crash-server-pipe.3904" 5408 1f7c425d058 tab

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 2664)
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3904.6.1108777487\1038441592" -childID 5 -isForBrowser -prefsHandle 5108 -prefMapHandle 5112 -prefsLen 26123 -prefMapSize 233444 -jsInitHandle 1172 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {02514ccc-f531-4b41-b7ac-7ecc7c6be8a6} 3904 "\\.\pipe\gecko-crash-server-pipe.3904" 5004 1f7c3be2158 tab

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 4312)
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3904.8.2068246473\360172932" -childID 7 -isForBrowser -prefsHandle 5784 -prefMapHandle 5764 -prefsLen 26204 -prefMapSize 233444 -jsInitHandle 1172 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {e09fcc29-f0df-4085-b492-4376c989db7d} 3904 "\\.\pipe\gecko-crash-server-pipe.3904" 5772 1f7be097358 tab

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 1296)
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3904.9.206548196\1430973316" -childID 8 -isForBrowser -prefsHandle 5156 -prefMapHandle 5692 -prefsLen 26644 -prefMapSize 233444 -jsInitHandle 1172 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {1559d4cb-8b08-4295-8e6f-b46be46e4d52} 3904 "\\.\pipe\gecko-crash-server-pipe.3904" 5628 1f7bc915958 tab

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 3344)
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3904.12.299417044\1181101568" -childID 11 -isForBrowser -prefsHandle 9428 -prefMapHandle 9152 -prefsLen 26684 -prefMapSize 233444 -jsInitHandle 1172 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3ea45233-0799-499d-92b1-52da3f1f5bc1} 3904 "\\.\pipe\gecko-crash-server-pipe.3904" 4516 1f7c6aa2558 tab

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 768)
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3904.11.610721777\696027996" -childID 10 -isForBrowser -prefsHandle 9460 -prefMapHandle 9464 -prefsLen 26684 -prefMapSize 233444 -jsInitHandle 1172 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {24d32ecd-17f7-48e9-bf4d-940d2086a1fb} 3904 "\\.\pipe\gecko-crash-server-pipe.3904" 9428 1f7c696af58 tab

    C:\Program Files\Mozilla Firefox\firefox.exe (PID 1116)
      "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3904.10.808849663\1167099226" -childID 9 -isForBrowser -prefsHandle 9472 -prefMapHandle 9476 -prefsLen 26684 -prefMapSize 233444 -jsInitHandle 1172 -jsInitLen 246848 -a11yResourceId 64 -parentBuildID 20221007134813 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {29ac9a6e-c8f5-4c33-bf81-fc4115bb2677} 3904 "\\.\pipe\gecko-crash-server-pipe.3904" 9444 1f7c6969458 tab

    C:\Users\Admin\Downloads\OperaGXSetup.exe (PID 5744)
      "C:\Users\Admin\Downloads\OperaGXSetup.exe"
      - Executes dropped EXE
      - Loads dropped DLL
      - Enumerates connected drives
      - Modifies system certificate store
      - NTFS ADS
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of SetWindowsHookEx

      C:\Users\Admin\Downloads\OperaGXSetup.exe (PID 5932)
        C:\Users\Admin\Downloads\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=105.0.4970.63 --initial-client-data=0x32c,0x330,0x334,0x308,0x338,0x748bd550,0x748bd560,0x748bd56c
        - Executes dropped EXE
        - Loads dropped DLL

      C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe (PID 6068)
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\OperaGXSetup.exe" --version
        - Executes dropped EXE
        - Loads dropped DLL

      C:\Users\Admin\Downloads\OperaGXSetup.exe (PID 5476)
        "C:\Users\Admin\Downloads\OperaGXSetup.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=1 --general-interests=1 --general-location=1 --personalized-content=1 --personalized-ads=1 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera GX" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=0 --pintotaskbar=1 --pintostartmenu=0 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=5744 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_20231223004058" --session-guid=de89ae69-eb0b-40af-a08a-de44fd4def57 --server-tracking-blob="(blob data not shown)" --desktopshortcut=1 --wait-for-package --initial-proc-handle=A009000000000000
        - Executes dropped EXE
        - Loads dropped DLL
        - Enumerates connected drives

        C:\Users\Admin\Downloads\OperaGXSetup.exe (PID 1292)
          C:\Users\Admin\Downloads\OperaGXSetup.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=105.0.4970.63 --initial-client-data=0x31c,0x320,0x324,0x2fc,0x328,0x71f3d550,0x71f3d560,0x71f3d56c
          - Executes dropped EXE
          - Loads dropped DLL

      C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202312230040581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe (PID 4024)
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202312230040581\assistant\Opera_GX_assistant_73.0.3856.382_Setup.exe_sfx.exe"

      C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202312230040581\assistant\assistant_installer.exe (PID 5644)
        "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202312230040581\assistant\assistant_installer.exe" --version

        C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202312230040581\assistant\assistant_installer.exe (PID 5712)
          "C:\Users\Admin\AppData\Local\Temp\.opera\Opera GX Installer Temp\opera_package_202312230040581\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera GX Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktopGX --annotation=ver=73.0.3856.382 --initial-client-data=0x2a4,0x2a8,0x2ac,0x280,0x2b0,0x1024f48,0x1024f58,0x1024f64
Network
MITRE ATT&CK Enterprise v15
Downloads
Filesize5KB
MD5d7824c2a5a2f9b0e56ad732445ee909d
SHA1832aef59d0ff031247d158f43f1e2f8484fba020
SHA2569f367c973a7236819f4a3da7470106db50cc246f1ba0ef3c040a1619e942ce1e
SHA512c521e9a1591db10cf8fea49d3daffe721046450361f56948cab5eedea0c7a1e776e16146398548bc9e0a889b9d78d77cce95f3d27c6cd6a90effbadf8c4a2659
-
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\nx9wxjen.default-release\sessionstore-backups\recovery.jsonlz4
Filesize5KB
MD56444475421887fc00c9093784b63ed98
SHA1819dad75674df40941a16af933ec8d3601fbcced
SHA25614e3565981adef6e9fe7ed22c8b9573d19704f5e60d6d13003bfe37fe05c0d08
SHA51291fa1539bcc62011bb8abafd68a697cafb40273edf4863ef459803e9563e0bd950c777b13e5fe1d86d904a87c3111ceab8179badd378453ad1c3671d42429ab1
-
Filesize
40B
MD5a2ce44323a1e6eedc9f7cb0ff517c91a
SHA182f64312b9a9c4e0a4b87b2d55a2e4dda155032b
SHA256f7be0073760e045751856d67e3d5c054765c4b0f8a9cdd7d9783ac997cb3ecd9
SHA512acc66d26ee238f0e7684ab3ae2852a4c6b540b2acfca5adf2089e3a8bf33cd656e3fd24b1094db3e79112a0b0961e7985b9035c915e1b3d8c32425e553f5cec0
-
Filesize
1.0MB
MD5e39ab46bfaa1c444b595e828db67a933
SHA13b347059a5ab909a68fe85f90b9a2e7f16552049
SHA256b7fc0e4565ca8d91f22926b4bff4060c22408b8be55ef6e70126d889d7884e48
SHA51241979761713c1df22aa86e0988325238be847ba6f10c9dcb4b19d995fd09959e5bdc95af765af0bda02c099e7a9e594a1684e59e7e123cf835846b6dbde1e4e9
-
Filesize
573KB
MD5cb1d51d6622985e0c656474c3feaeb67
SHA1a826e3a8cc712513aadb7f1097a547afbe58a90a
SHA256437c4aae5f19f428ce91beb64f8217763fd41192f9a61e57039f582b7477022c
SHA512d55aebe56700c03c209fad37b6e9e6b379e935a9c6fcf99041a6f1a632f116bde3378e5c0a901b8acb79c054febb0bf71bfb4d1d7b6373c330a41f16359d5963
-
Filesize
97KB
MD597201f604f08eef52d1163d49dbfe3a7
SHA1de8c3f5a745b2eb172fa2f2f39c5329d8c52440b
SHA256d2e9ee6551383bed3174721b5e82e481aff4a1475ee968b53f1079cc6682e0d8
SHA5124aa428a3febc4bd6521e0ccb098f1915ce0991f4a27c7cf6a59082d3d465db8e03e58dd00f9db73f236fb22363de87f2a7221a81682fd50414cb6bd494b4bce9
-
Filesize
1.4MB
MD5931f19532f55546d3bd81178b4f03a20
SHA1b5c416d5742044583236dc6db8a175df19d2a002
SHA256b35d79ab6b76d1d38f6e93a279680479ef3a5f1d0fda2adf7c0e14b4f88871e7
SHA512911ba9069b86d3cb2317f8d461d185a46b1447e80ea600763103605595675be9eda07b49e44af9839374d2b7e37b4efbdc6977e7dd9449a2fb36dd936484bdd0
-
Filesize
584KB
MD559404e060df368dd389a59770afd2d52
SHA1fe08a133513ce661e8812476445acf73bc80bdf7
SHA2568ca6be9173a3c1a8e563d3608dbc3d32a02b3ccc4f69ac81e0105ca395af2f72
SHA512b3959f459f3fff7da45ebd60e00595495ec6ca0a2bbceba9439d72950e1f24635c37909ad6391bbef23aad240575e74c3212f6fbf15b1b2316aba53cf6ce6990
-
Filesize
128KB
MD5bd59a76d73fd51471430fee971f3c840
SHA1008be2e47a40a4f482327ca3b100635c589c7d8d
SHA256119822f3516b43a11786db187661d8d7a93e93c34c26959b5f778695ded0348f
SHA5129054be04526a6b7415a9365f93d9fcb6fad8629ae5541654ace500b551b80af6f7b67cd435ba03628a556e4b3c15bd8191310ecee560fdc23449de789de2abc6